Responsible Disclosure

Sovel takes security and reviewer trust seriously. If you find a vulnerability — in this marketing site, in the Sovel reviewer app (when available to you under a pilot), or in any related infrastructure — please tell us before disclosing it publicly.

How to report

Email bklement@usesovel.com with the subject line SECURITY: followed by a one-line summary. Include reproduction steps and the URL or component affected.

What you can expect

• Acknowledgement within two working days.
• An honest assessment of severity and a target remediation window.
• Public credit for the report if you want it (and silence if you don't).

Good-faith safe harbor

Sovel will not pursue legal action against researchers who report vulnerabilities in good faith, who do not exfiltrate customer data, who do not degrade service for other users, and who give us a reasonable window to remediate before public disclosure.