Contact
Security reports can be sent to security@spokedna.com. Please include the affected URL, steps to reproduce, observed impact, and whether any customer data may be involved. The site publishes /.well-known/security.txt pointing to this Trust centre.
Scope
The initial scope is the public website, authenticated portal, upload/download flows, authorization boundaries, and exposed API routes. Reports must not include attempts to access, alter, or exfiltrate customer data.
Good-faith boundaries
Good-faith testing should avoid privacy harm, service disruption, spam, social engineering, physical attacks, payment abuse, automated high-volume scanning, or attempts to view another person's data. If a report accidentally exposes data, stop testing and contact us immediately.
Response expectations
Spoke aims to acknowledge material reports within three business days, triage severity, preserve evidence, remediate confirmed issues, and communicate material customer impact through the incident process. A fuller legal safe-harbour statement will be published after counsel review.