Responsible Disclosure Policy

At FononTech, we take the security of our systems and data seriously. We welcome responsible disclosure of security vulnerabilities from external researchers and the wider community.

How to Report

If you believe you have discovered a security vulnerability in any FononTech system, product, or service, please report it to us at security@fonontech.com. Include as much detail as possible: a description of the vulnerability, steps to reproduce it, affected systems or URLs, and any potential impact.

What We Ask

• Give us reasonable time (at least 90 days) to investigate and address the issue before disclosing it publicly.
• Do not access, modify, or delete data belonging to others.
• Do not perform actions that could degrade or disrupt our services (e.g., denial-of-service testing).
• Do not use the vulnerability for any purpose beyond what is necessary to demonstrate it.
• Act in good faith and comply with all applicable laws.

What We Commit To

• We will acknowledge receipt of your report within 5 business days.
• We will keep you informed of our progress where possible.
• We will not pursue legal action against researchers who follow this policy in good faith.
• We will credit you (if you wish) when the vulnerability is resolved.

Scope

This policy applies to systems and services operated by FononTech B.V. under the fonontech.comdomain. Third-party services and platforms are out of scope.

Contact: security@fonontech.com