PortalChecking session

Trust centre

Vulnerability disclosure

How security researchers and customers can report suspected vulnerabilities.

Contact

Security reports can be sent to security@spokedna.com. Please include the affected URL, steps to reproduce, observed impact, and whether any customer data may be involved. The site publishes /.well-known/security.txt pointing to this Trust centre.

Scope

The initial scope is the public website, authenticated portal, upload/download flows, authorization boundaries, and exposed API routes. Reports must not include attempts to access, alter, or exfiltrate customer data.

Good-faith boundaries

Good-faith testing should avoid privacy harm, service disruption, spam, social engineering, physical attacks, payment abuse, automated high-volume scanning, or attempts to view another person's data. If a report accidentally exposes data, stop testing and contact us immediately.

Response expectations

Spoke aims to acknowledge material reports within three business days, triage severity, preserve evidence, remediate confirmed issues, and communicate material customer impact through the incident process. A fuller legal safe-harbour statement will be published after counsel review.

Trust centre

These pages describe the current product posture and the controls being hardened before broader intake. Certification, audit, and legal claims are made only when supporting evidence exists.

Back to Trust centre