Security & Responsible Disclosure Policy

TixEvery welcomes good-faith reports of security vulnerabilities that could affect the platform, customers or organisers.

How to report

Please email hello@tixevery.com with a clear subject such as Security disclosure, a description of the issue, reproduction steps, affected URLs or accounts, and any safe proof of concept. Do not include unnecessary personal data.

Permitted research

Good-faith testing should be limited, non-destructive and designed to confirm a vulnerability without disrupting service or accessing data that is not yours.

Prohibited activity

Do not perform denial-of-service testing, social engineering, phishing, spam, physical attacks, malware deployment, credential theft, payment abuse, data exfiltration, persistence, lateral movement or unauthorised access to customer, organiser or TixEvery data.

Safe-harbour intent

Where you act in good faith, comply with this policy, avoid privacy harm and report promptly, TixEvery's intention is to work with you constructively and not pursue action for the security research itself. This statement is not legal advice and remains subject to legal review and applicable law.

Remediation and disclosure

We may ask for additional information, prioritise fixes based on risk and request that details are not publicly disclosed until a reasonable remediation period has passed.