Doconio
ENDE
Join early access

Security

Report a security issue

Responsible, coordinated disclosure of security vulnerabilities in the Doconio services.

The security of Doconio matters to us. If you have found a potential security vulnerability, we ask for a responsible, coordinated disclosure so we can assess and fix it before it becomes publicly known.

Contact

Please report vulnerabilities to security@doconio.com.
Machine-readable contact: /.well-known/security.txt

Scope

This policy applies to the Doconio services operated by Gallien Ventures GmbH, in particular the website doconio.com, the Doconio application, and the Doconio API. Third-party services and infrastructure, for example Microsoft Azure, are out of scope and should be reported directly to the respective provider.

What your report should include

Helpful details are a description of the vulnerability, the affected URL or feature, reproducible steps, the potential impact, and a proof of concept if available. Reports in English or German are welcome.

How we handle reports

We acknowledge receipt of your report, assess it, keep you informed of progress, and let you know once the vulnerability has been fixed. We aim to respond promptly, in line with severity and effort; we do not commit to fixed response or remediation timelines at this stage.

Safe harbor for good-faith research

If you follow this policy, act in good faith, and give us a reasonable time to remediate, we will consider your research authorized and will not pursue legal action against you. Please do not publish details until we have confirmed that the vulnerability has been fixed.

Out of scope

Please do not access other people's personal data, do not modify or delete data, and do not impair the availability of the services. In particular, denial-of-service testing, spam, social engineering, physical attacks, and automated mass testing that disrupts operation are not permitted. Do not further process any personal data you may incidentally access, and share it only with us.

Reward

We do not currently run a bug bounty program and cannot promise a monetary reward. We sincerely thank you for responsible disclosure.

This English version is provided for convenience. In case of discrepancies, the German version is authoritative.

Last updated: July 2026