At Revital, we take security seriously. We appreciate your efforts to responsibly disclose any security vulnerabilities you discover and we are committed to promptly addressing them.

To report a security vulnerability, please email us at Email with a detailed description of the vulnerability and steps to reproduce it. We kindly request that you do not publicly disclose the vulnerability until we have had sufficient time to address it.

Upon receiving a vulnerability report, we will acknowledge receipt within 3 business days. Our security team will assess the severity and impact of the reported vulnerability and prioritize accordingly.

We aim to provide updates on the progress of addressing the vulnerability within 7 business days of acknowledgment. However, the actual resolution time may vary depending on the complexity of the issue.

We follow a responsible disclosure policy, which means we strive to resolve security vulnerabilities in a timely manner and provide updates to the reporter as the situation progresses.

Once a security vulnerability has been addressed, we will release a security advisory detailing the vulnerability, its impact, and the steps taken to mitigate it.

This security policy applies to vulnerabilities discovered in the Revital project's codebase, dependencies, and associated infrastructure.

The following issues are considered out of scope:

• Denial of service (DoS) attacks
• Social engineering attacks
• Physical attacks against infrastructure or data centers
• Attacks requiring physical access to a user's device
• Issues arising from the use of outdated or unsupported browsers or platforms

We reserve the right to update this security policy at any time. By reporting a security vulnerability to us, you agree that we may contact you to request further information or clarification regarding the reported vulnerability.

Thank you for helping us keep Revital safe and secure.