Security &
Disclosure Policy
Redux Limited is committed to maintaining the security and privacy of our systems and our clients' data.
How to Report
- • Email: support@redux.nz
- • Contact form: redux.nz/contact
- • Mark your communication as "SECURITY VULNERABILITY REPORT"
Security through collaboration — Haumarutanga mā te mahi tahi
What to Include
Detailed Description
Clear explanation of the vulnerability
Reproduction Steps
How to reproduce the issue
Impact Assessment
Potential severity and impact
Supporting Evidence
Screenshots, logs, or other proof
Our Commitment
We will respond to your report within 48 hours
We will keep you informed throughout the resolution process
We will work with you to understand and resolve the issue
We will provide credit for responsible disclosure (with your permission)
Policy Scope
This policy applies to all Redux Limited systems, including:
Please Do
- • Report vulnerabilities as soon as possible
- • Provide sufficient detail to reproduce the issue
- • Keep the vulnerability confidential until resolved
- • Use only your own accounts for testing
- • Avoid disrupting our services or accessing client data
Please Don't
- • Access, modify, or delete client data
- • Perform actions that could harm our systems
- • Publicly disclose before resolution
- • Use automated scanners without approval
- • Engage in social engineering attacks
Legal Safe Harbour
Redux Limited supports security research conducted in accordance with this policy. We will not pursue legal action against researchers who:
Follow the guidelines outlined in this policy
Report vulnerabilities responsibly
Avoid causing harm to our systems or users
Do not access or retain client data
This security policy may be updated from time to time. Last updated: July 2025
Kia ora and thank you for helping us maintain secure systems for our clients and the broader community.