Glotel Vulnerability Disclosure Policy

Glotel is committed to maintaining the security of our public-facing systems. We welcome responsible vulnerability reports from the security community and the public.

In-Scope Systems

Glotel invites reports related to:

- glotel.com

- glotelinc.com

- Any Glotel-operated subdomains

- Public-facing website infrastructure

- DNS and email authentication configurations (SPF, DKIM, DMARC)

Out of Scope

Please do not test:

- Social engineering or phishing attacks

- Denial-of-Service (DoS/DDoS) or high-volume automated scans

- Password brute forcing

- Physical security testing

- Third-party platforms not operated by Glotel

- Any attempt to access, modify, or delete data

Reporting

Email your findings to: security@glotel.com, include:

- A brief description of the issue

- Affected URL or system

- Steps to reproduce

Anonymous reports are accepted

What to Expect

- We acknowledge reports within 3 business days.

- We will provide updates as we investigate and remediate the issue.

- We do not offer monetary rewards or public recognition listings.

Coordinated Disclosure

We request that you refrain from publicly disclosing a vulnerability for 90 days after we acknowledge your report unless we mutually agree otherwise.

Safe Harbor

If you follow this policy and act in good faith, Glotel considers your research authorized and will not pursue legal action for in-scope testing conducted responsibly.