Security
Scalign takes security seriously. We encourage responsible disclosure from security researchers, customers, and partners, and we handle security reports promptly and professionally.
Responsible disclosure
If you believe you've found a security vulnerability affecting Scalign, please report it responsibly so we can investigate and address it.
- A clear description of the issue and potential impact
- Steps to reproduce or a proof of concept (if possible)
- Affected URLs, endpoints, or components
- Any relevant logs, timestamps, or screenshots
Please avoid actions that could impact other users, and if possible, avoid public disclosure until we've had a chance to investigate and respond.
Scalign does not currently operate a public bug bounty program.
Scope
In scope are Scalign's product, services, and infrastructure that we operate or control.
Out of scope are issues in third-party services not controlled by Scalign (for example, vulnerabilities within a vendor's own platform), as well as social engineering, denial-of-service testing, and customer-managed environments.
Customer incident handling
Scalign maintains an internal incident response process for investigating and remediating security incidents. We prioritize rapid containment, investigation, and corrective actions.
If a security incident results in confirmed exposure of customer data, a legal notification obligation, or a material impact to service security or availability, we will notify affected customers via email when appropriate.
Data & privacy (brief)
Customer data is primarily stored in the EU. Where necessary to deliver the service, Scalign may use carefully selected third-party processors, including processing in other regions. Our security controls are reviewed and improved as the company and product evolve.