Last updated: May 1st, 2026
At VERYA, we take the security of our systems and user data seriously. We welcome the efforts of security researchers and the community to help us maintain safe and secure systems.
Reporting a Vulnerability
If you believe you have discovered a security vulnerability, please report it to us as soon as possible.
Contact:
- Email: [email protected]
- Alternate: [email protected]
Please include the following information in your report:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Any proof-of-concept code or screenshots
- The potential impact of the vulnerability
We will acknowledge receipt of your report within a reasonable timeframe.
Supported Systems
This policy applies to:
- https://verya.ca
- Any subdomains owned and operated by VERYA Inc.
Out of Scope
The following are generally considered out of scope:
- Issues requiring physical access to a user’s device
- Social engineering attacks
- Denial of Service (DoS/DDoS) attacks
- Spam or phishing-related issues not directly caused by our systems
- Vulnerabilities in third-party services we do not control
Responsible Disclosure Guidelines
We ask that you:
- Act in good faith and avoid privacy violations or data destruction
- Only test vulnerabilities on systems you own or have permission to test
- Do not access, modify, or delete data that does not belong to you
- Avoid disrupting our services
Disclosure Process
- We aim to acknowledge reports within 2–5 business days
- We will investigate and validate the issue
- We will work to resolve confirmed vulnerabilities in a timely manner
- We may reach out for additional information if needed
Recognition
We appreciate the work of security researchers. With your permission, we may publicly acknowledge your contribution on this page or a dedicated recognition page.
Legal Safe Harbor
We will not pursue legal action against individuals who:
- Act in good faith
- Follow this policy
- Do not exploit vulnerabilities beyond what is necessary to demonstrate them
