Vulnerability Disclosure Policy
Last Updated: March 2026
1. Introduction
SupportHub (operated by TeleCetli Kft.) is dedicated to preserving data security by preventing unauthorized disclosure of information. This policy was created to provide security researchers with instructions for conducting vulnerability discovery activities and to provide information on how to report vulnerabilities that have been discovered. This policy explains which systems and types of activity are covered, how to submit vulnerability reports, and how long we require you to wait before publicly reporting vulnerabilities identified.
2. Guidelines
We request that you:
3. Authorization
Security research carried out in conformity with this policy is deemed permissible. We'll work with you to swiftly understand and fix the problem, and TeleCetli Kft. will not suggest or pursue legal action in connection with your research conducted in good faith and compliance with this policy.
4. Scope
This policy applies to the following systems and services:
4.1 Out of Scope
Any service that isn't explicitly specified above, such as related services, is out of scope and isn't allowed to be tested. Vulnerabilities discovered in third-party solutions SupportHub interacts with (such as Azure OpenAI, Keycloak, Neo4j, Stripe, etc.) are not covered by this policy and should be reported directly to the solution vendor in accordance with their disclosure policy.
Note: Before beginning your inquiry, email us at [email protected] if you're unsure whether a system or endpoint is in scope.
5. Types of Testing
The following test types are **not authorized**:
6. Reporting a Vulnerability
To report any security flaws, send an email to:
Subject: [SECURITY] Vulnerability Report
We'll acknowledge receipt of your vulnerability report within the next business day and keep you updated on our progress. Reports can be submitted anonymously if you prefer, though providing contact information allows us to communicate with you about the issue.
7. Desirable Information
In order to process and react to a vulnerability report effectively, we recommend including the following information:
If possible, please provide your report in English or Hungarian.
8. Our Commitment
If you choose to provide your contact information, we promise to communicate with you in a transparent and timely manner:
9. Recognition
We appreciate the security research community's efforts in helping us maintain a secure platform. While we do not currently offer a bug bounty program, we are happy to publicly recognize researchers who responsibly disclose vulnerabilities (with your permission).
10. Contact Information
Security Contact: [email protected]
Security Officer: Tamas Szilagyi
TeleCetli Kft.
7634 Pecs, Darazs dulo 70., Hungary