Responsible Disclosure Policy

Last Updated: April 3, 2026

Empyrion Technologies Inc. takes the security of our systems, our clients, and the public seriously. We welcome and encourage responsible disclosure of security vulnerabilities. If you believe you have discovered a vulnerability in our website or systems, we ask that you report it to us responsibly using the guidelines below.

How to Report a Vulnerability

Please report any security concerns or suspected vulnerabilities by emailing security@empyrion.net. In your report, please include a description of the vulnerability and its potential impact, steps to reproduce the issue or a proof-of-concept, the URL or system component affected, and your contact information so we can follow up. Please encrypt sensitive reports using our PGP key if available, or request our public key by email.

What We Ask of You

When reporting vulnerabilities, we ask that you give us reasonable time to investigate and address the issue before making any public disclosure, make a good-faith effort to avoid privacy violations, data destruction, and disruption of services, do not access or modify data belonging to other users or clients, do not exploit the vulnerability beyond what is necessary to demonstrate the issue, and do not use automated scanning tools against our production systems without prior authorization.

What You Can Expect from Us

When you report a vulnerability in good faith, we will acknowledge receipt of your report within two business days, provide an initial assessment within five business days, keep you informed of our progress in addressing the issue, not take legal action against researchers who comply with this policy, and work to remediate confirmed vulnerabilities in a timely manner based on severity.

Scope

This policy applies to the Empyrion Technologies website at empyrion.net and any publicly accessible web applications or services operated by Empyrion Technologies. Client systems, third-party services, and infrastructure not owned by Empyrion are out of scope. If you are unsure whether a system is in scope, please contact us before testing.

Our Security Commitment

As a managed IT and cybersecurity services provider, security is at the core of everything we do. We maintain industry-standard security practices across our operations, including regular security assessments and penetration testing, encrypted communications and data storage, access controls and least-privilege principles, employee security awareness training, incident response planning and breach notification procedures, and compliance with Cyber Secure Canada certification requirements.

Contact

For security-related reports, email security@empyrion.net. For general inquiries, contact info@empyrion.net.