Empyrion Technologies Inc. takes the security of our systems, our clients, and the public seriously. We welcome and encourage responsible disclosure of security vulnerabilities. If you believe you have discovered a vulnerability in our website or systems, we ask that you report it to us responsibly using the guidelines below.
Please report any security concerns or suspected vulnerabilities by emailing security@empyrion.net. In your report, please include a description of the vulnerability and its potential impact, steps to reproduce the issue or a proof-of-concept, the URL or system component affected, and your contact information so we can follow up. Please encrypt sensitive reports using our PGP key if available, or request our public key by email.
When reporting vulnerabilities, we ask that you give us reasonable time to investigate and address the issue before making any public disclosure, make a good-faith effort to avoid privacy violations, data destruction, and disruption of services, do not access or modify data belonging to other users or clients, do not exploit the vulnerability beyond what is necessary to demonstrate the issue, and do not use automated scanning tools against our production systems without prior authorization.
When you report a vulnerability in good faith, we will acknowledge receipt of your report within two business days, provide an initial assessment within five business days, keep you informed of our progress in addressing the issue, not take legal action against researchers who comply with this policy, and work to remediate confirmed vulnerabilities in a timely manner based on severity.
This policy applies to the Empyrion Technologies website at empyrion.net and any publicly accessible web applications or services operated by Empyrion Technologies. Client systems, third-party services, and infrastructure not owned by Empyrion are out of scope. If you are unsure whether a system is in scope, please contact us before testing.
As a managed IT and cybersecurity services provider, security is at the core of everything we do. We maintain industry-standard security practices across our operations, including regular security assessments and penetration testing, encrypted communications and data storage, access controls and least-privilege principles, employee security awareness training, incident response planning and breach notification procedures, and compliance with Cyber Secure Canada certification requirements.
For security-related reports, email security@empyrion.net. For general inquiries, contact info@empyrion.net.