Venvee — Security Response

We appreciate your concern

Keeping customer data safe and secure is a huge responsibility and a top priority. We work hard to protect our customers from the latest threats. Your input and feedback on our security is always appreciated.

Reporting security problems

If you are a Venvee customer and your account is threatened by or under an attack such as hacking or mailbombing, send us an email at shield@venvee.com. We will respond as soon as possible and work with you to counter the attack.

Report security vulnerabilities by emailing our Security team at sec@venvee.com. We’ll review your report and get back to you as soon as we can, usually within 72 hours.

For other urgent or sensitive reports, please email our Security team at sec@venvee.com. If you feel it necessary, please provide us with a secure way to respond. We’ll respond as soon as we can. Please follow up or ping us on Twitter if you don’t hear back.

For requests that aren’t urgent or sensitive: submit an email to contact@venvee.com.

Tracking and disclosing security issues

We strive to work with security researchers to keep up with the state-of-the-art in web security. We also have a suite of static analysis and vulnerability scanning tools that automatically detect and report security vulnerabilities in our code and infrastructure to us for immediate patching. All critical, high, and medium severity vulnerabilities are issue-tracked within 48 hours of a report.

Have you discovered a security flaw that might impact our products? Please let us know. If you submit a report, here’s what will happen:

  • We’ll acknowledge your report and create a tracker item for the relevant teams in our task tracking system.

  • We’ll triage your report and determine whether it’s eligible for a bounty.

  • We’ll investigate the issue and determine how it impacts our products. We won’t disclose issues until they’ve been fully investigated and patched, but we’ll work with you to ensure we fully understand severity and impact.

  • Once the issue is resolved, we’ll post a security update along with thanks and credit for the discovery.

This process also applies to reports and findings from our security infrastructure in version control and our cloud.

Our products are built on the Next.js framework. The issue you reported might affect React, TypeScript, or some other part of our technology stack. We ask for your patience while we also make sure other companies and their customers are protected. Either way, you’ll always have a Venvee contact for your issue.