Security

Reporting a Vulnerability

If you believe you have discovered a security vulnerability in MarionTek's systems, please report it to us promptly. We take security issues seriously and will investigate and respond to credible reports.

Contact: security@mariontek.com

Please include a description of the issue, the affected component or URL, steps to reproduce, and your assessment of potential impact. We ask that you not publicly disclose the issue until we have had a reasonable opportunity to investigate and address it.

What to Expect

We will acknowledge your report within a reasonable time, keep you informed of our progress, and let you know when the issue has been resolved. We will not take legal action against researchers acting in good faith under this policy.

Scope

This policy applies to the MarionTek web application and API. It does not cover third-party services and infrastructure providers (Twilio, Stripe, Supabase, OpenAI), which have their own security programs.