Resources
Industries
Coordinated Vulnerability
Disclosure Policy
Introduction
At NeoDay, we take the security of our products and services seriously. Despite our best efforts, vulnerabilities may exist. We welcome reports from security researchers, customers, and users who discover potential security issues in our platform, mobile apps, or SDKs.
This policy describes how to report a vulnerability to us, what you can expect from us, and what we ask of you in return.
Scope
This policy covers all NeoDay digital products and services, including:
The NeoDay platform and associated APIs (hosted on customer domains, backed by NeoDay infrastructure)
The NeoDay iOS and Android apps (including white-label variants published under customer names)
The NeoDay iOS and Android SDKs
The NeoDay website and all its subdomains (https://neoday.com and *.neoday.com)
The NeoDay developer documentation (https://docs.neoday.com)
How to Report
Please send your report to security@neoday.com with the following information:
A description of the vulnerability and the potential impact
The product or service affected
Steps to reproduce the issue, including any relevant URLs, screenshots, or proof-of-concept code
Your name and contact details (optional — anonymous reports are accepted)
Please do not share vulnerability details publicly before we have had the opportunity to investigate and address the issue.
What We Ask of You
Do not exploit the vulnerability beyond what is necessary to demonstrate it
Do not access, modify, or delete data that does not belong to you
Do not perform attacks that could impact the availability of our services (e.g. denial-of-service attacks)
Do not use social engineering, phishing, or physical attacks against NeoDay employees or infrastructure
Act in good faith and give us a reasonable amount of time to address the issue before any public disclosure
What You Can Expect from Us
We will acknowledge receipt of your report within 10 business days
We will investigate the report and keep you informed of our progress
We aim to resolve confirmed vulnerabilities within 90 days of receiving your report. We will coordinate the timing of any public disclosure with you
We will not take legal action against researchers who act in good faith and follow this policy
If you wish, we will credit you for your discovery once the vulnerability has been resolved
Legal
NeoDay will not pursue legal action against anyone who reports a vulnerability in good faith and in accordance with this policy. We consider responsible disclosure an important contribution to the security of our products and the safety of our customers.
Contact
Email: security@neoday.com
Address: Magazijnstraat 13, 5038 BR Tilburg, the Netherlands
Phone: +31 (13) 76 76 075
NeoDay B.V. Last modified: May 2026
Introduction
At NeoDay, we take the security of our products and services seriously. Despite our best efforts, vulnerabilities may exist. We welcome reports from security researchers, customers, and users who discover potential security issues in our platform, mobile apps, or SDKs.
This policy describes how to report a vulnerability to us, what you can expect from us, and what we ask of you in return.
Scope
This policy covers all NeoDay digital products and services, including:
The NeoDay platform and associated APIs (hosted on customer domains, backed by NeoDay infrastructure)
The NeoDay iOS and Android apps (including white-label variants published under customer names)
The NeoDay iOS and Android SDKs
The NeoDay website and all its subdomains (https://neoday.com and *.neoday.com)
The NeoDay developer documentation (https://docs.neoday.com)
How to Report
Please send your report to security@neoday.com with the following information:
A description of the vulnerability and the potential impact
The product or service affected
Steps to reproduce the issue, including any relevant URLs, screenshots, or proof-of-concept code
Your name and contact details (optional — anonymous reports are accepted)
Please do not share vulnerability details publicly before we have had the opportunity to investigate and address the issue.
What We Ask of You
Do not exploit the vulnerability beyond what is necessary to demonstrate it
Do not access, modify, or delete data that does not belong to you
Do not perform attacks that could impact the availability of our services (e.g. denial-of-service attacks)
Do not use social engineering, phishing, or physical attacks against NeoDay employees or infrastructure
Act in good faith and give us a reasonable amount of time to address the issue before any public disclosure
What You Can Expect from Us
We will acknowledge receipt of your report within 10 business days
We will investigate the report and keep you informed of our progress
We aim to resolve confirmed vulnerabilities within 90 days of receiving your report. We will coordinate the timing of any public disclosure with you
We will not take legal action against researchers who act in good faith and follow this policy
If you wish, we will credit you for your discovery once the vulnerability has been resolved
Legal
NeoDay will not pursue legal action against anyone who reports a vulnerability in good faith and in accordance with this policy. We consider responsible disclosure an important contribution to the security of our products and the safety of our customers.
Contact
Email: security@neoday.com
Address: Magazijnstraat 13, 5038 BR Tilburg, the Netherlands
Phone: +31 (13) 76 76 075
NeoDay B.V. Last modified: May 2026
