Security

We take the security of OHLCX systems and this Site seriously. If you believe you have discovered a vulnerability, please report it responsibly so we can investigate and remediate with minimal risk to users.

Scope

This process covers this public Site and OHLCX services within scope communicated in your product agreement or official security documentation. Out-of-scope issues (e.g., social engineering of individual users without a technical flaw) may be redirected to general support.

How to report

Use the security contact or escalation path published for OHLCX customers if you have one.
Include steps to reproduce, affected URLs or endpoints, timestamps, and minimal proof of concept.
Avoid accessing, modifying, destroying, or exfiltrating data beyond what is necessary to demonstrate impact.
Do not perform denial-of-service attacks or tests that degrade production availability.

What we ask of you

Give us reasonable time to fix a confirmed issue before public disclosure. Coordinate with us if you plan to publish research that references OHLCX. Encrypt sensitive attachments if your mail provider supports it.

Safe harbor

We will not pursue legal action against researchers who act in good faith, avoid privacy violations and service degradation, and give us reasonable time to fix an issue before public disclosure, subject to applicable law.