Responsible Disclosure Policy

Last Updated: 13 November 2025

Purpose

At Immersve, we are committed to the security of our platform and the privacy of our users. This policy allows external security researchers to responsibly report vulnerabilities in our systems.

Scope

This policy applies to Immersve’s core platform and information security infrastructure. It is intended for use by third-party security researchers and members of the wider security community.

Background

Immersve values the contributions of the security community and encourages responsible reporting of potential vulnerabilities. We aim to foster a trusted partnership with researchers and believe their input helps us improve the safety and security of our products and services.

Legal Posture

Immersve will not pursue legal action against individuals who:

• Conduct security testing without harming Immersve or its users.
• Follow the scope and guidelines of our disclosure program.
• Avoid affecting customer data or systems.
• Comply with local laws and regulations.
• Do not disclose vulnerability details publicly before an agreed-upon timeframe.

How to Submit a Vulnerability

To report a vulnerability, please contact our Product Security Team via email:
privacy@immersve.com

What We Appreciate in a Report

• Clear, well-written descriptions in English.
• Proof-of-concept code if available.
• Details on how the vulnerability was found, its impact, and any suggested fixes.
• Information about public disclosure plans, if any.

What You Can Expect from Us

• A response within 5 business days.
• A transparent timeline for triage and remediation.
• Open communication throughout the process.
• Credit after validation and resolution of the vulnerability.

If needed, a neutral third party may be engaged to assist in resolving complex submissions.

Thank you for helping us keep Immersve secure!