Responsible Disclosure
Last updated: July 2026
Evoleen Technology GmbH takes the security of Projo Health and of projo-health.com seriously. We welcome responsible disclosure of security vulnerabilities from researchers, users, and the public.
1. Reporting a vulnerability
If you believe you have identified a security vulnerability in Projo Health or on projo-health.com, please report it to us at [email protected] with the subject line "Responsible Disclosure".
Please include:
- A description of the vulnerability and its potential impact.
- Steps to reproduce the issue, including any proof-of-concept.
- Your contact information so we can follow up.
2. Guidelines
- Do not access, modify, or delete data that does not belong to you.
- Do not degrade the availability of the service for other users.
- Do not publicly disclose the vulnerability before we have had a reasonable opportunity to investigate and remediate.
- Act in good faith and within applicable law.
3. Our commitment
We will acknowledge receipt of your report within 5 business days, provide a preliminary assessment within 30 days, and keep you informed of remediation progress. We will not pursue legal action against reporters who follow these guidelines in good faith.
4. Scope
This policy covers projo-health.com and the Projo Health product. It does not cover the Fire Arrow Server product, which is governed by its own responsible disclosure policy.