Security Overview
Central point of contact for security reports and bug bounty program
Overview
The security of our platform and the protection of your data are our highest priority. This page is your central point of contact for all security-related reports and inquiries.
Security Areas
🏗️ Infrastructure Security
Technical security measures of our infrastructure:
- Network & Server: Load Balancer, WAF, DDoS Protection
- Monitoring & Response: 24/7 monitoring and incident response
- Compliance: GDPR, audits and certifications
💻 Software Security
Security measures in software development:
- Secure Development: SDLC, Code Reviews, Security Testing
- Vulnerability Management: Automated scans and updates
- Developer Training: Training and Security Champions
🔒 DataVault Privacy
OnPremise solution for maximum data security:
- Local Data Storage: All data remains in your infrastructure
- Encrypted Transfer: Only relevant text sections via VPN
- GDPR Compliance: Complete control over your data
🚨 Report Security Vulnerability
Immediate Reporting
If you have discovered a security vulnerability:
📧 Email: security@meingpt.com
📝 Subject: URGENT - Critical Security Issue (for critical issues)
What You Should Include
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact and risk assessment
- Screenshots or code examples (if possible)
⏱️ Our Response Times
Severity | Confirmation | Initial Analysis | Resolution |
---|---|---|---|
Critical | 2 hours | 4 hours | 24 hours |
High | 4 hours | 24 hours | 1 week |
Medium | 24 hours | 72 hours | 1 month |
Low | 48 hours | 1 week | As needed |
💰 Bug Bounty Program
Rewards
Severity | Reward | Examples |
---|---|---|
Critical | €5,000 - €10,000 | Remote Code Execution, Authentication Bypass |
High | €1,000 - €5,000 | SQL Injection, Privilege Escalation |
Medium | €200 - €1,000 | XSS, CSRF |
Low | €50 - €200 | Information Disclosure |
Participation
- Contact: bounty@meingpt.com
- Scope: Discuss allowed systems and test methods
- Testing: Conduct responsible security tests
- Reporting: Submit detailed vulnerability report
- Verification: Confirmation by our security team
- Reward: Payment after successful resolution
Responsible Disclosure Policy
✅ Allowed
- Coordinated disclosure after successful resolution
- Recognition in our Security Hall of Fame
- Legal protection for responsible researchers
- Constructive collaboration with our security team
❌ Not Allowed
- Access to customer data without permission
- Denial of Service (DoS) attacks
- Social engineering of employees
- Physical attacks on our infrastructure
🏆 Security Champions
Hall of Fame
We thank all security researchers who have helped us:
- [Researcher Name] - SQL Injection in User Management (March 2024)
- [Researcher Name] - XSS in Chat Interface (February 2024)
- [Researcher Name] - CSRF in Settings Page (January 2024)
Names are only published with researchers' consent
📞 Contact
For Different Concerns
- Security Vulnerabilities: security@meingpt.com
- Bug Bounty: bounty@meingpt.com
- General Questions: support@meingpt.com
Email Subject Lines
- URGENT - Critical Security Issue: Critical vulnerabilities
- Security Vulnerability Report: General vulnerability reports
- Bug Bounty Submission: Bug Bounty Program
- Security Question: General security questions
PGP Encryption
For particularly sensitive reports, our public PGP key is available upon request.
Further Information:
- 📖 Software Security - Development Security
- 📖 Infrastructure Security - Technical Security Measures
- 📖 DataVault Privacy - OnPremise Privacy