Security
At Envo, we take security seriously and work continuously on it. Envo operates according to an established Information Security Management System (ISMS) based on the ISO 27001 standard.

Discovered a vulnerability?
We consider the security of our systems a high priority. But no matter how much effort we put into system security, security vulnerabilities may still occur.
If you discover a vulnerability, we would like to know about it so that we can take steps to resolve it as quickly as possible. We kindly ask you to help us better protect our customers and our systems.

How to submit a report
- Provide information about your findings. If you consider the information to be critical, please use the form to describe it, but also contact us so that we can provide you with an encrypted channel to send additional details, to prevent this critical information from ending up in the wrong hands.
- Do not exploit the vulnerability or issue you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability, or by deleting or modifying other people’s data;
- Do not reveal the problem to others before it is solved;
- Do not use attacks on physical security, social engineering, distributed denial of service, spam, or third-party applications; and
- Provide enough information to reproduce the issue so we can resolve it as quickly as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require additional explanation.

What we promise
- If you have followed the instructions above, we will not take any legal action against you in connection with the report.
- We will treat your report with strict confidentiality and will not disclose your personal information to third parties without your permission.
- We strive to resolve all issues as quickly as possible, and we would like to play an active role in the final publication of the issue once it has been resolved. So please let us know if you register a CVE or similar on our behalf.