Security

Responsible disclosure

At Numaga and Replikate we take security seriously. Found a vulnerability in our website or platform? Please report it responsibly so we can fix it before anyone exploits it. We are glad to work with you.

Last updated: June 2026

1. How to report a vulnerability

Email your finding to security@replikate.nl with enough detail to reproduce it: what you found, the steps to it, and where relevant URLs, IP addresses, payloads or screenshots. Please share sensitive details encrypted where possible.

2. What we ask of you

Report as soon as possible after discovery and give us reasonable time to fix it before you disclose publicly.

Do not access or modify other people’s data, do not run denial-of-service, and do not use spam, social engineering or physical attacks.

Stay within the law, act in good faith, and look no further than needed to demonstrate the vulnerability.

3. What you can expect from us

We acknowledge your report as soon as possible, typically within a few business days, and keep you updated on progress.

We fix verified vulnerabilities as quickly as is responsible and coordinate disclosure timing with you.

With your consent we are happy to credit you as the reporter. We do not (yet) run a paid bug-bounty programme.

4. Safe harbour

If you report in good faith and within this policy, we consider your research authorised and will not take legal action against you.

5. Out of scope

Reports without realistic impact (such as missing best-practice headers with no working exploit), findings in third-party services, and reports that are purely automated scanner output are generally out of scope.