Data is the new gold! Our highly-rated Power BI intensive masterclass is now open to the public - Transform your data skills in just 2 days Book your place now

Vulnerability Disclosure Programme

Help us keep Red Eagle Tech secure - responsibly

Every company says they take security very seriously, but at Red Eagle Tech, we're about actions not words. So judge for yourself.

We know that no system is perfect. If you've discovered a potential security issue, we want to hear from you right away.

What's in scope?

Our VDP covers all Red Eagle Tech properties and services:

  • redeagle.tech and all subdomains
  • MeldEagle (meldeagle.com) - our Shopify automation platform
  • Content Disarm & Reconstruct API and related services
  • All other web-facing properties published by Red Eagle Tech

Not all our properties are listed here - some are bespoke client solutions, so we don't publicise them here. But they're all clearly identified as 'powered by Red Eagle Tech', so if you see our name, it's fair game.

Researchers that are keen to work with us and establish a trusted relationship are welcome to request a full list of properties and we can even help out with test environments. Our test environment architecture and code exactly mirrors production, whilst being free from sensitive data.

How to report a vulnerability

Spotted something that needs fixing? High five! Here's how to let us know:

Email us at: security@redeagle.tech

Please include:

  • What you found and why it matters
  • Steps to reproduce (the more detail, the better)
  • Screenshots, proof-of-concept code, or videos if helpful
  • The affected URL or system
  • Your thoughts on severity and potential impact

Need to encrypt your message?

Use our PGP public key

Fingerprint: C5AB 412E 4CAE 4CE3 ECB1 F9C9 E32E F95C 43A3 1BBD

What we promise

Quick response
We'll acknowledge your report within 3 business days
Regular updates
We'll keep you informed as we investigate and fix
Coordinated disclosure
We'll work with you on when to go public
No legal action
Good faith research following our guidelines is safe
Recognition
Valid findings earn a spot in our Hall of Fame

Timeline expectations:

  • • Acknowledgment: Within 3 business days
  • • Initial triage: Within 10 business days
  • • Fix timeline: Varies by severity (we'll keep you posted)
  • • Disclosure: After fix, or 90 days max

Occasionally we might miss an email - sorry - we're human. If you haven't heard back, please give us a friendly nudge.

Ground rules for testing

Please do:

  • • Test responsibly and minimise impact
  • • Stop immediately if you encounter user data
  • • Report findings promptly
  • • Work with us on coordinated disclosure

Please don't:

  • • Launch denial-of-service attacks
  • • Use automated scanners that might overwhelm our systems
  • • Access, modify, or delete data that isn't yours
  • • Social engineer our staff (we're friendly, but that's cheating!)
  • • Test on production during peak hours if avoidable
  • • Share vulnerabilities before we've had a chance to fix them

Safe harbour - you're protected

We want you to feel safe reporting issues to us. Crystal clear:

Of course, deliberately malicious or exceptionally dumb actions aren't covered. But we know you're one of the good ones... so this doesn't apply to you does it.

Recognition & thanks

We're a startup with big security ambitions but modest budgets. While we can't offer massive bounties (yet!), we absolutely value your contributions:

Hall of Fame

Valid findings earn you a permanent spot

Swag

Red Eagle Tech goodies as a thank you

Service credits

Possible MeldEagle subscription credits

Discretionary rewards

For critical findings, we may surprise you

More details on specific rewards coming soon - watch this space

Regardless of rewards, you'll always have our sincere gratitude and respect.

Security hall of fame

Coming soon - be one of the first to earn your spot!

We'll list security researchers who've helped keep Red Eagle Tech safe.

Questions?

Need clarification on anything? Drop us a line at security@redeagle.tech

We're friendly, we promise. Happy hunting!

Choose the service you need below.

There's an option below if you're not sure, too.

I need help with software engineering including:

  • - Website or app development
  • - Business intelligence solutions
  • - System integration
Request free consultation

I need help with IT operations including:

  • - Managed services and IT helpdesk support
  • - Cybersecurity solutions
  • - Cloud services
Request free consultation

I need help with technology governance including:

  • - Virtual Chief Technology Officer
  • - Compliance and certifications
  • - Consulting and projects
Request free consultation

I'm not sure what I need

No worries, let's talk. We can find a solution together.

Get in touch

Our partners

Microsoft Partner logo
Shopify Partners logo
QuickBooks logo
CrowdStrike logo
Check Point logo
NinjaOne logo
Axcient logo
Perimeter 81 logo

Our tech stack

C# logo

C#

.NET logo

.NET

Node.js logo

Node.js

React JS logo

React JS

Blazor logo

Blazor

SignalR logo

SignalR

Azure logo

Azure

Azure App Service logo

App Service

Azure Functions logo

Functions

GitHub logo

GitHub

Azure DevOps logo

DevOps

Azure Bicep logo

Bicep

Azure SQL logo

Azure SQL

MongoDB logo

MongoDB

OneLake logo

OneLake

Kafka logo

Kafka

Power BI logo

Power BI

Microsoft Fabric logo

Fabric

Azure AI Foundry logo

AI Foundry

Copilot logo

Copilot

OpenAI logo

OpenAI

Anthropic logo

Anthropic

Playwright logo

Playwright

Cloudflare logo

Cloudflare