Skip to main content
ELITE Logo
My account linkPress to access My account
4.8
rating on Trustpilot
Microsoft Solutions Partner Logoℹ️"ELITE operates through an accredited Microsoft Solutions Partner."
Request a Quote

Vulnerability Disclosure Policy

Last Updated: 17 March 2026

We at ELITE (trading as Elite Enterprise Software) are committed to protecting the security and privacy of our customers and their data. We appreciate the efforts of security researchers who help identify potential vulnerabilities in our systems.

1. Scope

This policy applies to any digital assets owned, operated, or maintained by ELITE, including the eliteenterprisesoftware.com domain and its subdomains. If you find a vulnerability in our services or platforms, please follow the reporting guidelines below.

2. Reporting a Vulnerability

  • Contact: Send a detailed report to [email protected] or through our contact form.
  • Encryption: For sensitive information, we encourage the use of encryption. Please contact us for our public PGP key.
  • Include: A clear description of the vulnerability, step-by-step instructions to reproduce, potential impact assessment, and any relevant evidence (screenshots, logs, proof of concept).
  • Your contact details: So we can follow up with you regarding the report. We will keep your identity confidential unless you request otherwise.

3. Our Commitment

  • We will acknowledge receipt of your report within 3 business days.
  • We will provide a status update within 10 business days and strive to resolve confirmed vulnerabilities within 90 days, depending on complexity.
  • We will not take legal action against researchers who follow this policy in good faith.
  • We will work with you to understand and validate the issue before taking any public action.
  • We will credit you (if desired) when we publish information about the resolved vulnerability.

4. Safe Harbour

Activities conducted in accordance with this policy are considered authorised conduct. We will not pursue civil or criminal action, or support prosecution under the Computer Misuse Act 1990 or similar laws, against researchers who act in good faith and in compliance with this policy, provided:

  • You do not exploit the vulnerability beyond what is necessary to demonstrate the issue.
  • You do not access, modify, or delete data belonging to other users.
  • You do not publicly disclose vulnerability details without prior coordination with us.
  • You make a good-faith effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data.
  • You comply with all applicable laws (the safe harbour in this policy does not override any legal requirements).

5. Data Handling During Research

If you inadvertently access personal data during your research, you must:

  • Stop testing immediately and report the issue to us.
  • Not store, copy, share, or otherwise retain any personal data you have accessed.
  • Securely delete any stored data as soon as it is no longer needed to demonstrate the vulnerability.

6. Out of Scope

The following activities are expressly excluded from this policy and are not authorised:

  • Social engineering of employees, contractors, or customers.
  • Physical attacks on our offices, data centres, or infrastructure.
  • Denial of service attacks (DoS/DDoS).
  • Spamming or phishing attacks.
  • Testing on third-party services that integrate with our platform (report these directly to the third party).
  • Automated vulnerability scanning without prior approval.

7. Acknowledgments

We currently do not operate a paid bug bounty programme, but we may offer a token of appreciation for valid, responsibly disclosed vulnerabilities. With your permission, we are happy to publicly acknowledge your contribution.

8. Contact

For all security-related matters, please contact: [email protected]

We use cookies to ensure you get the best experience on our website. Cookies are used (but not limited to) for ads personalisation and analytics. By clicking 'Accept All', you consent to our use of cookies in accordance with our Privacy Policy. You can remove your consent at any time via our Cookie Policy. By visiting our site or clicking 'Accept All', you also agree to our Terms and Conditions.