Calenso Vulnerability Disclosure Policy (VDP)

At Calenso, the security and reliability of our customers' data is our top priority. We strive to develop our products and services with the best security standards. This policy explains how we deal with indications of possible vulnerabilities and errors in our products and services.

We value the expertise and commitment of the IT security community and appreciate your efforts to identify vulnerabilities or bugs.

Who can report? 

Whether you are a customer, user, researcher or hacker - we invite you to report vulnerabilities and bugs in our products and public services. Your help makes Calenso safer for everyone.

Report vulnerabilities

The preferred method for reporting vulnerabilities or errors is our online form. You decide whether to provide your contact details - anonymous reports will also be considered. If you do provide your contact details, we will only use them to clarify any details of your report.

Your commitment

• You comply with this policy and the applicable laws.
• You report discovered vulnerabilities immediately.
• You do not exploit discovered vulnerabilities except for the purpose of reporting them to Calenso.
• You do not access, delete, change or destroy any data.
• You do not carry out social engineering attacks, spam, phishing, denial of service or similar attacks.
• You are not testing the physical security of our facilities.
• You do not share any information about your report with third parties and do not expect any rewards or other benefits.

Our promise

• We will confirm receipt of your report promptly.
• We will enter into an open dialog to discuss your message.
• As far as possible, we provide an estimated timeline for fixing the vulnerability.

Every report submitted helps us to further improve security at Calenso. We thank all security researchers and white-hat hackers for their valuable contributions. You can also contact us directly at datenschutz@calenso.com.