Security

Vulnerability Disclosure Policy

Simply Discover is committed to maintaining the security and integrity of our platform and services. We welcome responsible disclosure of security vulnerabilities from researchers, customers, and third parties.

If you believe you have identified a security vulnerability, use our security reporting form with a clear description, reproduction steps, likely impact, and any supporting material. We acknowledge reports within 3 business days and handle them in line with the policy below.

Last updated: 1st April 2026
Read the Policy

At a glance

This page is designed to make reporting straightforward: what is in scope, what we need from you, how we respond, and where the boundaries are.

Scope

What this policy covers

  • Simply Discover platform services
  • Associated applications, including integrations and plugins
  • Infrastructure operated by Simply Discover
Reporting

What to include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Logs, screenshots, or proof-of-concept material where relevant
Commitment

What we will do

  • Acknowledge receipt within 3 business days
  • Investigate and validate the issue
  • Prioritise remediation based on severity and impact
  • Keep the reporter informed where appropriate
Exclusions

Out of scope

  • Denial of service (DoS/DDoS) testing
  • Social engineering attacks
  • Physical attacks against facilities

1. Introduction

Simply Discover is committed to maintaining the security and integrity of our platform and services. We welcome responsible disclosure of security vulnerabilities from researchers, customers, and third parties.

This policy outlines how to report vulnerabilities and how we will handle such reports.

2. Scope

This policy applies to:

  • Simply Discover platform services
  • Associated applications, including integrations and plugins
  • Infrastructure operated by Simply Discover

3. Reporting a Vulnerability

If you believe you have identified a security vulnerability, please report it using our security reporting form:

Please include as much detail as possible:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any supporting materials, including logs, screenshots, or proof-of-concept material

4. Our Commitment

Upon receiving a report, Simply Discover will:

  • Acknowledge receipt of the report within 3 business days
  • Investigate and validate the issue
  • Prioritise remediation based on severity and impact
  • Keep the reporter informed of progress, where appropriate

5. Responsible Disclosure Guidelines

We ask that researchers:

  • Act in good faith
  • Avoid accessing, modifying, or deleting data that does not belong to them
  • Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue
  • Do not disclose the vulnerability publicly until it has been addressed or agreed otherwise

6. Safe Harbour

Simply Discover will not pursue legal action against individuals who discover and report vulnerabilities in good faith, and who follow this policy and act responsibly.

7. Exclusions

This policy does not cover:

  • Denial of service (DoS/DDoS) testing
  • Social engineering attacks
  • Physical attacks against facilities

8. Continuous Improvement

All reported vulnerabilities are reviewed and used to improve our security posture, development practices, and operational controls.

9. Contact

For any questions regarding this policy, please use our contact form: