Security Overview
Central point of contact for security reports and bug bounty program
Detailed Security Documentation: Comprehensive technical details, incident response plans, and operational procedures are available after signing an NDA.
Overview
The security of our platform and the protection of your data are our highest priority. This page is your central point of contact for all security-related reports and inquiries.
Security Areas
🏗️ Infrastructure Security
Cloud-native Zero Trust architecture with enterprise-grade services:
- Managed Kubernetes: Service mesh with mTLS end-to-end encryption
- Monitoring & Alerting: Comprehensive monitoring with automated notifications
- Compliance: GDPR compliant, ISO 27001 in preparation, SOC 2 Type II planned for 2026
💻 Software Security
Modern type-safe development architecture with security by design:
- Secure Development: TypeScript Strict Mode, Python with typing, OWASP Top 10
- Automated Security: AI-based code analysis, automatic dependency updates
- External Testing: Bug bounty program, external penetration test planned for August 2025
🔒 DataVault Privacy
OnPremise solution for maximum data security:
- Local Data Storage: All data remains in your infrastructure
- Encrypted Transfer: Only relevant text sections via VPN
- GDPR Compliance: Complete control over your data
🚨 Report Security Vulnerability
Immediate Reporting
If you have discovered a security vulnerability:
📧 Email: security@meingpt.com
📝 Subject: URGENT - Critical Security Issue (for critical issues)
What You Should Include
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact and risk assessment
- Screenshots or code examples (if possible)
⏱️ Our Response Times
We have implemented a structured incident response system:
- Critical vulnerabilities: Immediate response (0-15 minutes)
- High priority: Response within 30 minutes
- Medium priority: Response within 2 hours
Detailed Incident Response Procedures: Specific escalation paths, communication plans, and operational procedures are documented in our internal incident response plan and available after NDA signing.
💰 Bug Bounty Program
We reward responsible security researchers for finding and reporting vulnerabilities in our systems.
Rewards
The amount of the reward is based on:
- Severity of the vulnerability
- Quality of the report
- Potential impact
- First-time reporting
Participation
For details about our Bug Bounty Program and current terms, please contact: bounty@meingpt.com
We will then discuss individually:
- The scope of allowed tests
- Testing methods
- Reporting procedures
- The verification process
Responsible Disclosure Policy
✅ Allowed
- Coordinated disclosure after successful resolution
- Recognition in our Security Hall of Fame
- Legal protection for responsible researchers
- Constructive collaboration with our security team
❌ Not Allowed
- Access to customer data without permission
- Denial of Service (DoS) attacks
- Social engineering of employees
- Physical attacks on our infrastructure
🏆 Security Champions
Hall of Fame
We thank all security researchers who have contributed to improving our platform. With their consent, we will publish their names here.
Details about specific vulnerabilities are not shared publicly for security reasons.
📞 Contact
For Different Concerns
- Security Vulnerabilities: security@meingpt.com
- Bug Bounty: bounty@meingpt.com
- General Questions: support@meingpt.com
Email Subject Lines
URGENT - Critical Security Issue- Critical vulnerabilitiesSecurity Vulnerability Report- General vulnerability reportsBug Bounty Submission- Bug Bounty ProgramSecurity Question- General security questions
PGP Encryption
For particularly sensitive reports, our public PGP key is available upon request.
Further Information:
- 📖 Software Security - Development Security
- 📖 Infrastructure Security - Technical Security Measures
- 📖 DataVault Privacy - OnPremise Privacy