Vulnerability Disclosure Policy

HQLAᵡ is committed to security and therefore welcomes security reports. All security issues found in relation to HQLAᵡ should be reported by email to If possible, please encrypt your email; our PGP key is at the bottom of this page. HQLAᵡ's Security Team will acknowledge your email and initiate an investigation as soon as is practically possible. Advisory-class issues may require coordinated disclosure with our customers and partners before being made publicly available. If you haven’t heard back from us within 72 hours, please reach out to us using the website form, without the vulnerability details.

As with any security related activity, security reporters are expected to comply with all applicable laws and regulations in the course of their research activities, and in a manner that protects the property and privacy of HQLAᵡ’s customers and partners. When submitting a security report, we are committed to working in good faith with the security community. HQLAᵡ requires that vulnerability submissions are conducted following a responsible disclosure model. By submitting a vulnerability, you agree not to publicly disclose or share the vulnerability with any third party until HQLAᵡ confirms that the vulnerability has been remediated or you have received written permission from HQLAᵡ to publish information about the vulnerability. Please do not include any identifiable information (name, contact information, or similar information) in your communications.

Disclosure Process

Send email to:

Please include the following information:

Please limit as much as possible large attachments or executable files as the email might be flagged as spam.

PGP Key for

Download our PGP Key here.

PGP fingerprint: 4EC8 27C0 43E8 E3FD 43C2  C9E0 CF2A 6E9D FD0E 6676