At Avatour, we are committed to maintaining the security, integrity, and availability of our platform and customer data. Our security program includes continuous monitoring, incident response, and vulnerability management practices aligned with industry standards.
Vulnerability Disclosure
If you believe you have identified a security vulnerability in Avatour’s platform, we encourage you to report it to us responsibly.
Contact: security@avatour.com
Please include the following information in your report
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any supporting materials (e.g., screenshots, logs)
Our Commitment
- Acknowledge receipt of your report within 2 business days
- Investigate and validate reported vulnerabilities promptly
- Provide updates as appropriate during remediation
- Address confirmed vulnerabilities based on severity and impact
Responsible Disclosure Guidelines
- Avoid actions that could disrupt services or compromise user data
- Do not publicly disclose the vulnerability until it has been resolved
- Act in good faith to protect the privacy and security of our users
Vulnerability Management
Avatour maintains a vulnerability management program as part of its broader security operations. This includes:
- Continuous monitoring and detection of potential security vulnerabilities
- Severity-based prioritization aligned with industry best practices
- Timely remediation of identified vulnerabilities
- Centralized tracking and documentation through resolution
- Integration with incident response and customer communication processes
Security processes and controls are reviewed periodically to ensure alignment with evolving threats and industry standards.
Incident Response & Communication
Avatour maintains a structured incident response process to detect, respond to, and resolve security incidents.
- Security incidents are classified based on severity and impact
- Response actions follow a defined lifecycle: identification, containment, eradication, recovery, and review
- Customers are notified via email if an incident impacts their data or service
- We also publish security advisories and incident updates via our status page.
- Ongoing updates may be provided for active incidents, as appropriate