# In the event that you have discovered a technical vulnerability in an IT system of Resilio SA, R&K Access or Resilio France SA
# We encourage you to report it to us via email.
# We forward your request to the appropriate unit.

Contact: mailto:security@resilio-solutions.com
Encryption/Singature: OpenPGP, see vks://keys.openpgp.org (5F571C76DD3110A0049E79542FCF93824A6EBFB8)

Preferred-Languages: en, fr
Acknowledgments: We acknowledge responsible disclosure. Researchers acting in good faith, following this policy, will not face legal action under Swiss law (Art. 156 StGB, Art. 179novies StGB).
Scope:
- In-scope: *.resilio-solutions.com, *.resilio.tech, *.resilio.academy
- Out-of-scope: Third-party services, physical attacks, social engineering
Rules:
- Do not access, modify, or delete data beyond what is necessary to demonstrate the vulnerability.
- Do not disrupt services or violate privacy.
- Provide detailed, reproducible steps.
Disclosure:
- Report vulnerabilities to the contact above.
- We aim to respond within 5 business days.
- Public disclosure only after mutual agreement and patch release.