Security

Vulnerability Disclosure Policy

We welcome good-faith security research and are grateful to the researchers who help us keep InnovationFlow and our customers' data safe.

Last updated: 15 June 2026

InnovationFlow is operated by Macrocyra UG (haftungsbeschränkt), Berlin, Germany. If you believe you have found a security vulnerability in any of our systems, we want to hear from you and will work with you to resolve it quickly.

Reporting a vulnerability

Email security@innovationflow.app. Encrypted email is available on request. To help us triage quickly, please include:

Our machine-readable security contact is published at /.well-known/security.txt.

Scope

The following are in scope:

The following are out of scope:

Guidelines for good-faith research

When researching, please:

Safe harbour

If you make a good-faith effort to comply with this policy during your research, we will consider your research to be authorised. We will work with you to understand and resolve the issue promptly, and we will not pursue or support legal action against you for your research. If a third party brings legal action against you for activity that was conducted in accordance with this policy, we will make it known that your actions were authorised.

What to expect from us

Rewards

We do not currently run a paid bug-bounty programme. We are, however, genuinely grateful for responsible disclosure and are glad to acknowledge researchers who help us improve InnovationFlow's security.

Languages

You are welcome to report in English or German (Englisch oder Deutsch).


Security contact: security@innovationflow.app · security.txt

How effective is your roadmapping?

Answer a few quick questions about how your organisation handles roadmapping and strategy execution. Get a personalised report with actionable recommendations.

Take the survey