Security Policy

Last updated: November 4, 2025

Reporting Security Vulnerabilities

At CoNovel, we take security seriously. If you discover a security vulnerability in our platform, we appreciate your help in responsibly disclosing it to us.

What to Include in Your Report

  • A clear description of the vulnerability
  • Step-by-step instructions to reproduce the issue
  • Potential impact assessment (severity, affected users, etc.)
  • Any proof-of-concept code or screenshots (if applicable)
  • Suggested remediation steps (optional but appreciated)
  • Your contact information for follow-up questions

Our Commitment to You

We will:

  • Acknowledge receipt of your report within 48 hours
  • Provide a detailed response within 7 days
  • Keep you informed of our progress throughout the remediation process
  • Credit you in our security acknowledgments page (if you wish)
  • Notify you when the issue has been resolved

Responsible Disclosure Guidelines

We kindly ask that you:

  • Give us reasonable time to investigate and fix the issue before public disclosure
  • Do not exploit the vulnerability beyond what is necessary to demonstrate it
  • Do not access, modify, or delete user data without explicit permission
  • Do not perform actions that could harm our users or degrade our service
  • Do not publicly disclose the vulnerability until we have addressed it

Scope

The following domains are in scope for security reports:

  • www.co-novel.com
  • api.co-novel.com
  • *.co-novel.com (all subdomains)

Out of Scope

The following are considered out of scope and will not be eligible for acknowledgment:

  • Social engineering attacks against CoNovel employees or users
  • Physical attacks against CoNovel infrastructure
  • Denial of Service (DoS/DDoS) attacks
  • Spam or social engineering via our platform
  • Issues in third-party applications or services not controlled by CoNovel
  • Previously known vulnerabilities or issues already reported by others

Legal Safe Harbor

CoNovel will not pursue legal action against security researchers who:

  • Follow these responsible disclosure guidelines
  • Act in good faith and do not intentionally harm our users or service
  • Do not violate any applicable laws or regulations
  • Provide us with a reasonable amount of time to address the issue

Our Security Measures

CoNovel implements industry-standard security practices including:

  • HTTPS/TLS encryption for all connections
  • Secure authentication with JWT tokens and OAuth 2.0
  • Regular security audits and vulnerability scanning
  • Automated dependency vulnerability monitoring
  • Content Security Policy (CSP) and security headers
  • Rate limiting and DDoS protection
  • Regular security training for our team

Questions?

If you have questions about our security policy or need clarification, please contact us at security@co-novel.com.