Security

We take the security of octaview and our customers' data seriously. If you believe you have found a security vulnerability, we want to hear from you.

Report a vulnerability

Email [email protected] with the details. A machine-readable pointer is published at /.well-known/security.txt per RFC 9116.

Please include:

  • A description of the issue and its potential impact.
  • Steps to reproduce (proof-of-concept, requests, or a short script).
  • The affected URL, product, or component, and any relevant versions.

We aim to acknowledge reports within two working days and to keep you updated as we investigate and remediate.

Scope

In scope:

  • The octaview website (octaview.ai) and its subdomains.
  • The octaview Studio and Edge Hub applications.

Out of scope:

  • Findings that require physical access to a customer's Edge Hub or network.
  • Denial-of-service, volumetric, or brute-force testing.
  • Reports from automated scanners without a demonstrated, exploitable impact.
  • Social engineering of our staff, customers, or suppliers.

Note that most machine data never leaves the customer's premises — it is stored locally on the on-premises Edge Hub (see our Privacy Policy) — so there is no central data store to target.

Safe harbour

We will not pursue or support legal action against anyone who, in good faith:

  • Makes a genuine effort to avoid privacy violations, data destruction, and service disruption.
  • Only interacts with accounts they own or have explicit permission to test.
  • Reports the issue to us promptly and gives us reasonable time to remediate before any public disclosure.
  • Does not exploit the issue beyond the minimum needed to demonstrate it.

We consider security research conducted under these guidelines to be authorised, and we will work with you to understand and resolve the issue quickly. Thank you for helping keep octaview and its users safe.

Encryption

We do not currently publish a PGP key. If you need to share especially sensitive details securely, mention it in your first message and we will arrange an encrypted channel.