Security

Vulnerability Handling &
Disclosure Policy

We take security seriously. If you've found a vulnerability in our products or services, we want to work with you to resolve it quickly and responsibly.

Security Email
security@simplinx.com
For all vulnerability reports
Response Time
72 Hours
Initial acknowledgement SLA
Disclosure Window
Up to 60 Days
Reduced for Critical severity vulnerabilities
How It Works

The Disclosure Process

1
Discover & Document

Document the vulnerability clearly: what it is, how to reproduce it, which product/version is affected, and what the potential impact could be. Screenshots or proof-of-concept code are helpful.

Your responsibility
2
Send a Confidential Report

Email your report to security@simplinx.com. We strongly encourage using our PGP public key to encrypt your submission (key available upon request). Please do not publicly disclose or discuss the vulnerability before we've had the opportunity to address it.

Up to 60-day confidentiality window
3
We Acknowledge Within 72 Hours

Our security team will confirm receipt of your report within 72 hours and begin initial verification. We'll keep you informed throughout the investigation process.

72-hour SLA
4
Coordinated Resolution

We work with you to understand the full impact, develop a fix, and validate it. We'll share our timeline openly and notify you before any public disclosure.

Collaborative process
5
Public Disclosure

Once the fix is released, we publish a security advisory on this site. With your permission, we'll credit you by name in the published security advisory.

Credit & recognition
Scope

What's In & Out of Scope

In Scope

  • www.simplinx.com and www.simplinx.net
  • All Simplinx SMX product firmware
  • Simplinx cloud services and backend infrastructure
  • Simplinx management software and web interfaces

Out of Scope

  • Social engineering, phishing, or physical attacks
  • Products or systems not listed in scope
  • UI/UX issues, spelling errors, or non-security bugs
  • Network-level DoS / DDoS vulnerabilities
  • Findings in third-party services not controlled by Simplinx
Researcher Protections

Good-Faith Researchers Are Safe

  • No legal action against good-faith security research
  • Collaborative resolution — you're part of the process
  • Public credit in security advisory (with permission)
  • Clear communication throughout the investigation
Report Checklist

What to Include in Your Report

  • Vulnerability description and potential impact
  • Affected product(s) and firmware version(s)
  • Step-by-step reproduction instructions
  • Proof-of-concept code or screenshots (if applicable)
  • Your name or alias for credit
PGP Public Key

security@simplinx.com

Fingerprint: 51AF F74F FB2B 2709 6058 4582 EC26 8BBB C1C4 E275 Download .asc 
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBF/HRxYBDADYxBEvVpm3+nA7pd8rYQ/ODvQ1vzJiZGetE4stNCBx0Q1uud62
BPjAhf8nuXzThKw/lnj2eImyc8QIFF+sZ8Ybo4K/HavVqK3/pTrHgeNNYzp9oz8g
BzSOlQmp5A+wSzQVh95yOoqjQyKGD6BVvv84LAbwLik5fZazIjynJVj5gcaZXGyf
zjeuRD4LrQdRGD/KJ3CvlzxyPmCBuBOaO1aE+b0vJIzT5EUIk+3lhm39L39glEpN
s8xMjYm8hsE12zlWZ0chseYEZYoL7W8//iFC4O50bIsKupmMTMD3NpZIDHQqLsaf
BvbrmtsNnYXYb8Z06b3g0qhGmT2O7Of4ZHXlotRMRDr5BDBAeutcT/znEOQtM1KM
WlxogqtP7/5hT2e4g07XNC3H+3Q9pGvVP8UdQLL2qavS6I1PMR0TBthtTXnkRy8k
uCOtAwBfap/oXlTUaQ9Is38iyvXvls39U6vxrXR4CQlJaYFuOvNVvNtKSH4umPHa
cVWccXhv1qD0UpMAEQEAAbQpU2ltcGxpbnggU2VjdXJpdHkgPHNlY3VyaXR5QHNp
bXBsaW54LmNvbT6JAc4EEwEKADgWIQRRr/dP+ysnCWBYRYLsJou7wcTidQUCX8dH
FgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDsJou7wcTidXM9C/9bVulD
9CL08TVgP8/tMOGbmdgByxvS3jg52gQsO1lnqEQjBuE/sIMe6rwB3K3GaNrbPR8L
fY8dGU0jAAZ0Kd4q9fXVfcTBVFuxIxTrvpe2A8BulMHbIJhypjsWbxymbpeFNJOE
r4ICfvubX5PdEL/yq2PWrBhLQd2iQGdsoTXFFUbkhlsx0tbgsJAZR6yAJu0aw8Mz
a7/ie/Oa6sC6lMpNso4nMggLhMZzJINBO4BOL1qaKsF6UIcKyDxInXo4QIfYkll+
47kY7pBAXvQ0bwghti+utLj/tepUGg2uo+EwtTb2/qVH5QSP5/7lEx3Z6S7SBKtI
XCrEdU7bR4hYtG/U3LgxzhEQq6ol+oG9VjHlh122Dkav1urdY6JFig/nSB3NFk8f
YzkgM6/wyjBao86pTKGakYAFUCykyNUPgyDn5GdY5Av9kSQWKks3RaeIZPWYpAHr
KvgY5QWBH9mRwFdTNrRWHmmZ/QqfFMt8mbo80tW0ZjbqAfXZnfpPsexmRcS5AY0E
X8dHFgEMALQbkW+jW80XNi/FRnq9Opjjr8QEG0blIqYfCUkFcb8rjqgscAjNaGd4
8B3aAlYJCSxb/ADb028ZUA59+zTR4L1r8aBxoNdrxuO+N6puVGD0VOVe1+kK4iU5
XYt9B3FgdnPxRw+7M3j+7bQE9q13gw3aeoK3bZybq1PqymLuMtJbdfKDSZoMVLuh
0Hp6vWwPjfrdGfHwCWTOE0KitJ5vhRAtkUSgZD44lkgq/uSqp2akqr/I+OHeq65n
X6g2VY1gVeNGAgd4eJjDHFRz63ScD33vQxLjsrJFv77ktRB+K9+s2k/hSlog3VVx
aMQDfyGdy6ZtiV/RHMApa04tnHjYIlPpn4R6EQy6okYhx0OeWeuwfMSEEilK/Njd
KpXvImoI7YQZKkwmVEFROQiU0Oon5heKa2Vy5pfJbquB6GNN0wbWWcEzP+quUOAN
3aKO64l0khDkKEKUCFXCQIP8Av1SCkrxTSZi17xxkyq5Y9gx7nuxW845RNRHxIlW
8bexIKk3qwARAQABiQG2BBgBCgAgFiEEUa/3T/srJwlgWEWC7CaLu8HE4nUFAl/H
RxYCGwwACgkQ7CaLu8HE4nV75Av9FzcAJRmdCq16kG+IndaIyeZw99QPNv4o0umG
eA3EA66B8bFoFOZWOOiKIPoN4ltFXLu7jOqS8BWXo6t+YUJBQV/YwKaxm8v5/Mfx
YKeZPXRRARGQxrNKNy6lk/OwLcYfWSJFwe4F8td8tR/fv8hzfQEhqnxL4f98cH7F
hWDOBKn2UG+J1Lqw2EMZ4HetVCjjpNfztabqRusVODAyYQ7mNSIBzxesTp4Xs5vQ
rHl0TqwCW4H09hScEctjvejugMAGPqP5LoaN0EXP1voQ5rDDgHDtpbxQuPo5HmYB
5ZeBp38EQqUDzIE8fgzHMcyrR946MW8yJ5vOXvE2McfeUq2ctnEWILG/qL89/uhL
jxl2S39EdGVQeusXQxN+IbwVo8af/H2JPtbDKQe0UGDoiePo33Lh2DFeky7AXkzN
ZlL9pY497Mxwq61AY9IW0LdlKRfMm/xSS9f20jJiBQDzAdO7+QXMbiYLld8A2phI
9Y3EZuKFeOHV8VyMksJEWqHIuXeS
=fTL+
-----END PGP PUBLIC KEY BLOCK-----
Report a Vulnerability

Send encrypted reports to our security team. We recommend using our PGP public key to protect sensitive vulnerability details in transit. The full public key is listed below. Policy version 1.1 — May 2026.