Security and vulnerability disclosure

Email: security@voicelabs.nl

Include, if possible: affected URL or component, steps to reproduce, impact, and any proof-of-concept details that help us validate the issue.

We consider security research conducted in good faith to be authorized when it follows these guidelines:

• Do not access or modify customer data beyond what is necessary to demonstrate impact.
• Do not degrade service availability (no DDoS, stress tests, or volumetric scanning).
• Do not use social engineering, phishing, or physical intrusion.
• Provide us a reasonable time window to remediate before public disclosure.

At this time, Voicelabs does not run a paid bug bounty program. We will acknowledge valid reports and work with you on a disclosure timeline.

We aim to respond within 5 business days and to remediate confirmed vulnerabilities as quickly as practical based on severity.