{"id":27564121,"date":"2026-02-04T13:02:12","date_gmt":"2026-02-04T13:02:12","guid":{"rendered":"https:\/\/immertwin.com\/?page_id=27564121"},"modified":"2026-04-27T16:05:40","modified_gmt":"2026-04-27T16:05:40","slug":"security-responsible-disclosure","status":"publish","type":"page","link":"https:\/\/immertwin.com\/en\/legal\/security-responsible-disclosure\/","title":{"rendered":"Security &#038; Responsible Disclosure"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; admin_label=&#8221;section&#8221; _builder_version=&#8221;4.27.4&#8243; custom_margin=&#8221;0px||0px||false|false&#8221; custom_padding=&#8221;0px||0px||false|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row admin_label=&#8221;row&#8221; _builder_version=&#8221;4.27.4&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; custom_margin=&#8221;10px||0px||false|false&#8221; custom_padding=&#8221;0px||0px||false|false&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.16&#8243; custom_padding=&#8221;|||&#8221; global_colors_info=&#8221;{}&#8221; custom_padding__hover=&#8221;|||&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_text _builder_version=&#8221;4.27.4&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<\/p>\n<div class=\"flex flex-col text-sm pb-25\">\n<article class=\"text-token-text-primary w-full focus:outline-none [--shadow-height:45px] 
has-data-writing-block:pointer-events-none has-data-writing-block:-mt-(--shadow-height) has-data-writing-block:pt-(--shadow-height) [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:357d962c-4bc0-445e-90cb-99f2b5e65c8f-74\" data-testid=\"conversation-turn-144\" data-scroll-anchor=\"true\" data-turn=\"assistant\" tabindex=\"-1\">\n<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:--spacing(4)] @w-sm\/main:[--thread-content-margin:--spacing(6)] @w-lg\/main:[--thread-content-margin:--spacing(16)] px-(--thread-content-margin)\">\n<div class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\" tabindex=\"-1\">\n<div class=\"flex max-w-full flex-col grow\">\n<div data-message-author-role=\"assistant\" data-message-id=\"5e897ca2-e146-4ea6-b154-5d636977d968\" dir=\"auto\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal [.text-message+&amp;]:mt-1\" data-message-model-slug=\"gpt-5-2-thinking\">\n<div class=\"flex w-full flex-col gap-1 empty:hidden first:pt-[1px]\">\n<div class=\"markdown prose dark:prose-invert w-full wrap-break-word dark markdown-new-styling\">\n<h2 data-start=\"0\" data-end=\"49\">Security &amp; Responsible Disclosure &#8211; ImmerTwin\u2122<\/h2>\n<p data-start=\"51\" data-end=\"126\"><strong data-start=\"51\" data-end=\"70\">Effective date:<\/strong> 01 February 2026<br data-start=\"87\" data-end=\"90\" \/><strong data-start=\"90\" data-end=\"107\">Last updated:<\/strong> 01 February 2026<\/p>\n<p data-start=\"128\" data-end=\"272\">ImmerTwin\u2122 takes security seriously. 
This Security &amp; Responsible Disclosure statement explains how to report security vulnerabilities affecting:<\/p>\n<ul data-start=\"273\" data-end=\"410\">\n<li data-start=\"273\" data-end=\"315\">\n<p data-start=\"275\" data-end=\"315\"><strong data-start=\"275\" data-end=\"292\">immertwin.com<\/strong> (the \u201cWebsite\u201d), and<\/p>\n<\/li>\n<li data-start=\"316\" data-end=\"410\">\n<p data-start=\"318\" data-end=\"410\"><strong data-start=\"318\" data-end=\"341\">tours.immertwin.com<\/strong> (the \u201cTours Site\u201d),<br data-start=\"361\" data-end=\"364\" \/>together referred to as the \u201cOnline Services\u201d.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"412\" data-end=\"536\">If you believe you have found a security vulnerability, please report it responsibly so we can investigate and remediate it.<\/p>\n<p data-start=\"538\" data-end=\"658\"><strong data-start=\"538\" data-end=\"559\">Security contact:<\/strong> <strong data-start=\"560\" data-end=\"585\"><a data-start=\"562\" data-end=\"583\" class=\"decorated-link cursor-pointer\" rel=\"noopener\">contact@immertwin.com<\/a><\/strong><br data-start=\"585\" data-end=\"588\" \/>(Use the subject line: <strong data-start=\"611\" data-end=\"657\">\u201cSecurity Report \u2013 Responsible Disclosure\u201d<\/strong>)<\/p>\n<hr data-start=\"660\" data-end=\"663\" \/>\n<h3 data-start=\"665\" data-end=\"677\">1) Scope<\/h3>\n<p data-start=\"678\" data-end=\"769\">This policy covers security vulnerabilities that may impact the Online Services, including:<\/p>\n<ul data-start=\"770\" data-end=\"978\">\n<li data-start=\"770\" data-end=\"845\">\n<p 
data-start=\"772\" data-end=\"845\">website pages, forms, and authentication\/access controls (where present),<\/p>\n<\/li>\n<li data-start=\"846\" data-end=\"912\">\n<p data-start=\"848\" data-end=\"912\">tour pages and access restrictions (public\/unlisted\/restricted),<\/p>\n<\/li>\n<li data-start=\"913\" data-end=\"978\">\n<p data-start=\"915\" data-end=\"978\">configuration and integrations that materially affect security.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"980\" data-end=\"1199\">Third-party platforms and services integrated into the Online Services may have their own security programmes. If an issue is clearly within a third-party system, we may direct you to report it to the relevant provider.<\/p>\n<hr data-start=\"1201\" data-end=\"1204\" \/>\n<h3 data-start=\"1206\" data-end=\"1242\">2) How to report a vulnerability<\/h3>\n<p data-start=\"1243\" data-end=\"1280\">Email <strong data-start=\"1249\" data-end=\"1274\"><a data-start=\"1251\" data-end=\"1272\" class=\"decorated-link cursor-pointer\" rel=\"noopener\">contact@immertwin.com<\/a><\/strong> with:<\/p>\n<ul data-start=\"1281\" data-end=\"1688\">\n<li data-start=\"1281\" data-end=\"1303\">\n<p data-start=\"1283\" data-end=\"1303\">the affected URL(s),<\/p>\n<\/li>\n<li data-start=\"1304\" data-end=\"1360\">\n<p data-start=\"1306\" data-end=\"1360\">a clear description of the issue and potential impact,<\/p>\n<\/li>\n<li data-start=\"1361\" data-end=\"1436\">\n<p data-start=\"1363\" data-end=\"1436\">step-by-step reproduction instructions (proof of concept where possible),<\/p>\n<\/li>\n<li data-start=\"1437\" data-end=\"1484\">\n<p 
data-start=\"1439\" data-end=\"1484\">what you expected to happen vs what happened,<\/p>\n<\/li>\n<li data-start=\"1485\" data-end=\"1539\">\n<p data-start=\"1487\" data-end=\"1539\">any screenshots or logs that help explain the issue,<\/p>\n<\/li>\n<li data-start=\"1540\" data-end=\"1581\">\n<p data-start=\"1542\" data-end=\"1581\">your environment (device, OS, browser),<\/p>\n<\/li>\n<li data-start=\"1582\" data-end=\"1640\">\n<p data-start=\"1584\" data-end=\"1640\">whether you believe data may be exposed (and what type),<\/p>\n<\/li>\n<li data-start=\"1641\" data-end=\"1688\">\n<p data-start=\"1643\" data-end=\"1688\">your preferred contact details for follow-up.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"1690\" data-end=\"1829\">Please avoid sending sensitive personal data unless it is strictly necessary to demonstrate the issue, and only include the minimum needed.<\/p>\n<hr data-start=\"1831\" data-end=\"1834\" \/>\n<h3 data-start=\"1836\" data-end=\"1902\">3) What we ask you to do (responsible disclosure expectations)<\/h3>\n<p data-start=\"1903\" data-end=\"1919\">We ask that you:<\/p>\n<ul data-start=\"1920\" data-end=\"2350\">\n<li data-start=\"1920\" data-end=\"1964\">\n<p data-start=\"1922\" data-end=\"1964\">act in good faith and minimise disruption,<\/p>\n<\/li>\n<li data-start=\"1965\" data-end=\"2042\">\n<p data-start=\"1967\" data-end=\"2042\">only test against accounts\/data you own or have explicit permission to use,<\/p>\n<\/li>\n<li data-start=\"2043\" data-end=\"2114\">\n<p data-start=\"2045\" data-end=\"2114\">stop testing once you have confirmed the presence of a vulnerability,<\/p>\n<\/li>\n<li data-start=\"2115\" data-end=\"2197\">\n<p data-start=\"2117\" data-end=\"2197\">give us reasonable time to investigate and remediate before disclosing publicly,<\/p>\n<\/li>\n<li data-start=\"2198\" data-end=\"2279\">\n<p data-start=\"2200\" data-end=\"2279\">do not exploit the vulnerability beyond what is necessary to confirm it 
exists,<\/p>\n<\/li>\n<li data-start=\"2280\" data-end=\"2350\">\n<p data-start=\"2282\" data-end=\"2350\">do not access, download, modify, or delete data belonging to others.<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"2352\" data-end=\"2355\" \/>\n<h3 data-start=\"2357\" data-end=\"2385\">4) What is not permitted<\/h3>\n<p data-start=\"2386\" data-end=\"2433\">To protect our users and systems, you must not:<\/p>\n<ul data-start=\"2434\" data-end=\"2855\">\n<li data-start=\"2434\" data-end=\"2509\">\n<p data-start=\"2436\" data-end=\"2509\">perform denial-of-service (DoS\/DDoS) tests or other availability attacks,<\/p>\n<\/li>\n<li data-start=\"2510\" data-end=\"2575\">\n<p data-start=\"2512\" data-end=\"2575\">use social engineering, phishing, or physical security attacks,<\/p>\n<\/li>\n<li data-start=\"2576\" data-end=\"2640\">\n<p data-start=\"2578\" data-end=\"2640\">attempt credential stuffing, brute force, or password attacks,<\/p>\n<\/li>\n<li data-start=\"2641\" data-end=\"2702\">\n<p data-start=\"2643\" data-end=\"2702\">use automated scanning that materially impacts performance,<\/p>\n<\/li>\n<li data-start=\"2703\" data-end=\"2780\">\n<p data-start=\"2705\" data-end=\"2780\">exfiltrate data, copy large volumes of content, or scrape restricted tours,<\/p>\n<\/li>\n<li data-start=\"2781\" data-end=\"2855\">\n<p data-start=\"2783\" data-end=\"2855\">make changes to data you do not own or do not have permission to change.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"2857\" data-end=\"2946\">If you are unsure whether a test is permitted, ask us first at <strong data-start=\"2920\" data-end=\"2945\"><a data-start=\"2922\" data-end=\"2943\" class=\"decorated-link cursor-pointer\" rel=\"noopener\">contact@immertwin.com<\/a><\/strong>.<\/p>\n<hr data-start=\"2948\" data-end=\"2951\" \/>\n<h3 data-start=\"2953\" data-end=\"2996\">5) Coordinated disclosure and timelines<\/h3>\n<p data-start=\"2997\" data-end=\"3007\">We aim to:<\/p>\n<ul data-start=\"3008\" data-end=\"3191\">\n<li data-start=\"3008\" data-end=\"3065\">\n<p data-start=\"3010\" data-end=\"3065\">acknowledge your report as soon as reasonably possible,<\/p>\n<\/li>\n<li data-start=\"3066\" data-end=\"3130\">\n<p data-start=\"3068\" data-end=\"3130\">assess severity and confirm whether the issue is reproducible,<\/p>\n<\/li>\n<li data-start=\"3131\" data-end=\"3191\">\n<p data-start=\"3133\" data-end=\"3191\">work on remediation and keep you informed where practical.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"3193\" data-end=\"3438\">Remediation timelines vary depending on complexity, severity, and whether third-party providers are involved. 
Where appropriate, we may request that you keep the report confidential until a fix or mitigation is in place (coordinated disclosure).<\/p>\n<hr data-start=\"3440\" data-end=\"3443\" \/>\n<h3 data-start=\"3445\" data-end=\"3486\">6) Safe harbour (good-faith research)<\/h3>\n<p data-start=\"3487\" data-end=\"3543\">We will not pursue legal action against researchers who:<\/p>\n<ul data-start=\"3544\" data-end=\"3678\">\n<li data-start=\"3544\" data-end=\"3565\">\n<p data-start=\"3546\" data-end=\"3565\">follow this policy,<\/p>\n<\/li>\n<li data-start=\"3566\" data-end=\"3586\">\n<p data-start=\"3568\" data-end=\"3586\">act in good faith,<\/p>\n<\/li>\n<li data-start=\"3587\" data-end=\"3641\">\n<p data-start=\"3589\" data-end=\"3641\">avoid privacy violations and service disruption, and<\/p>\n<\/li>\n<li data-start=\"3642\" data-end=\"3678\">\n<p data-start=\"3644\" data-end=\"3678\">do not exploit the issue for gain.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"3680\" data-end=\"3837\">This does not authorise testing that is illegal or that violates the rights of others. This statement applies only to the extent permitted by applicable law.<\/p>\n<hr data-start=\"3839\" data-end=\"3842\" \/>\n<h3 data-start=\"3844\" data-end=\"3884\">7) Confidentiality and data handling<\/h3>\n<p data-start=\"3885\" data-end=\"4121\">We treat vulnerability reports as confidential. 
We may share details only as necessary to investigate and remediate (for example, with hosting providers, platform partners, or security consultants), and only with appropriate safeguards.<\/p>\n<p data-start=\"4123\" data-end=\"4239\">If personal data is involved, we may take additional steps consistent with our Privacy Policy and legal obligations.<\/p>\n<hr data-start=\"4241\" data-end=\"4244\" \/>\n<h3 data-start=\"4246\" data-end=\"4264\">8) Recognition<\/h3>\n<p data-start=\"4265\" data-end=\"4423\">We may acknowledge security reporters (for example, by name) in release notes or a thank-you message, subject to your permission and the nature of the report.<\/p>\n<hr data-start=\"4425\" data-end=\"4428\" \/>\n<h3 data-start=\"4430\" data-end=\"4462\">9) Changes to this statement<\/h3>\n<p data-start=\"4463\" data-end=\"4610\">We may update this Security &amp; Responsible Disclosure statement from time to time. The \u201cLast updated\u201d date at the top indicates the current version.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"z-0 flex min-h-[46px] justify-start\"><\/div>\n<div class=\"mt-3 w-full empty:hidden\">\n<div class=\"text-center\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/article>\n<\/div>\n<div aria-hidden=\"true\" data-edge=\"true\" class=\"pointer-events-none h-px w-px absolute bottom-0\"><\/div>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security &amp; Responsible Disclosure &#8211; ImmerTwin\u2122 Effective date: 01 February 2026 Last updated: 01 February 2026 ImmerTwin\u2122 takes security seriously. This Security &amp; Responsible Disclosure statement explains how to report security vulnerabilities affecting: immertwin.com (the \u201cWebsite\u201d), and tours.immertwin.com (the \u201cTours Site\u201d), together referred to as the \u201cOnline Services\u201d. 
If you believe you have found a security vulnerability, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":27564081,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"dipi_cpt_category":[106],"class_list":["post-27564121","page","type-page","status-publish","hentry","dipi_cpt_category-legal"],"aioseo_notices":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/immertwin.com\/en\/wp-json\/wp\/v2\/pages\/27564121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/immertwin.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/immertwin.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/immertwin.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/immertwin.com\/en\/wp-json\/wp\/v2\/comments?post=27564121"}],"version-history":[{"count":4,"href":"https:\/\/immertwin.com\/en\/wp-json\/wp\/v2\/pages\/27564121\/revisions"}],"predecessor-version":[{"id":27564125,"href":"https:\/\/immertwin.com\/en\/wp-json\/wp\/v2\/pages\/27564121\/revisions\/27564125"}],"up":[{"embeddable":true,"href":"https:\/\/immertwin.com\/en\/wp-json\/wp\/v2\/pages\/27564081"}],"wp:attachment":[{"href":"https:\/\/immertwin.com\/en\/wp-json\/wp\/v2\/media?parent=27564121"}],"wp:term":[{"taxonomy":"dipi_cpt_category","embeddable":true,"href":"https:\/\/immertwin.com\/en\/wp-json\/wp\/v2\/dipi_cpt_category?post=27564121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}