Contact
Security reports can be sent to security@spokebio.com. The site publishes /.well-known/security.txt pointing to this Trust centre.
Scope
The initial scope is the public website, authenticated portal, upload/download flows, authorization boundaries, and exposed API routes. Reports must not include attempts to access, alter, or exfiltrate customer data.
Response expectations
Spoke acknowledges material reports, triages severity, preserves evidence, remediates confirmed issues, and communicates material customer impact through the incident process. Safe-harbour wording still needs counsel review before publication.