Security Disclosure Policy
Scope
This security disclosure policy covers the Telden Product Service Desk platform (telden.eu), its infrastructure, and the web application. Third-party integrations, dependencies, and linked services are covered only to the extent that a vulnerability in our use or configuration of them could affect Telden users or data.
Reporting a vulnerability
If you discover a security vulnerability in Telden, please report it to us via email at security@telden.eu. We prefer reports in English or German. Please include enough detail for us to reproduce the issue: affected component, steps to reproduce, and a description of the potential impact.
Do not publicly disclose a vulnerability before we have had a reasonable opportunity to investigate, address, and coordinate disclosure with affected parties. We aim to acknowledge receipt within 2 business days and provide a status update within 10 business days.
Safe harbour
Telden will not pursue legal action or make a complaint to law enforcement against anyone who, in good faith, researches, discovers, and reports a security vulnerability in accordance with this policy. Good faith means: not exploiting the vulnerability beyond what is necessary to demonstrate it, not accessing or modifying data that does not belong to you, and not degrading the availability or performance of the service.
What we ask of reporters
- Provide a clear written report in English or German.
- Include reproduction steps and, where possible, a proof of concept.
- Give us a reasonable time to assess and resolve the issue before public disclosure.
- Do not exploit the vulnerability beyond what is needed to demonstrate impact.
Response expectations
We prioritise vulnerability reports based on severity and potential user impact. Critical issues that could lead to unauthorised data access or service compromise are treated as incidents and remediated immediately. Non-critical issues are triaged into the development backlog.
Contact: security@telden.eu. Supported languages: English, German.
Related information
The machine-readable security contact file is at /.well-known/security.txt and is the canonical source for contact details and key expiry dates. The Markdown security summary for LLM and crawler consumption is at /docs/security.md.