Skip to content
Limited Beta Voltasis is currently in limited beta. Request an invite to get early access.

Security

Vulnerability Disclosure Policy

We take the security of the Voltasis platform seriously. If you discover a vulnerability, we want to hear from you.

Last updated: April 1, 2026

1. Reporting a Vulnerability

If you believe you have discovered a security vulnerability in the Voltasis platform, website, or infrastructure, please report it to us as soon as possible:

Security Reports

Email: security@voltasis.com

Please include the following in your report:

  • A description of the vulnerability and its potential impact
  • Detailed steps to reproduce the issue
  • Any relevant screenshots, logs, or proof-of-concept code
  • Your name and contact information (if you wish to be credited)

2. Scope

The following systems and services are in scope for vulnerability reports:

  • The Voltasis web application at app.voltasis.com
  • The Voltasis API
  • The Voltasis marketing website at voltasis.com
  • Voltasis desktop and mobile applications

The following are out of scope:

  • Third-party services (AWS, Stripe, Xero) — report these to the respective providers
  • Social engineering attacks against Voltasis employees or users
  • Denial-of-service (DoS/DDoS) attacks
  • Physical security of Voltasis offices or infrastructure
  • Vulnerabilities in software or systems not owned or operated by Voltasis

3. Safe Harbor

Voltasis will not pursue legal action against security researchers who:

  • Make a good-faith effort to avoid privacy violations, destruction of data, and interruption or degradation of the Service
  • Only interact with accounts they own or with explicit permission from the account holder
  • Do not exploit a vulnerability beyond what is necessary to demonstrate the issue
  • Report the vulnerability to Voltasis before disclosing it publicly or to any third party
  • Allow Voltasis a reasonable period (at least 90 days) to address the vulnerability before any public disclosure

We consider activities conducted consistent with this policy to be "authorized" under the Computer Fraud and Abuse Act (CFAA) and similar laws. We will not pursue a claim against you for circumventing technology controls if you have acted in accordance with this policy.

4. Our Commitment

When you submit a vulnerability report, we commit to:

  • Acknowledging receipt of your report within 3 business days
  • Providing an initial assessment of the report within 10 business days
  • Keeping you informed of our progress toward resolving the issue
  • Crediting you publicly (if you wish) once the vulnerability has been resolved
  • Not taking legal action against you if you follow this policy

5. What We Ask

  • Do not access, modify, or delete data belonging to other users or organizations.
  • Do not perform actions that could negatively impact other users or the availability of the Service.
  • Do not publicly disclose the vulnerability before we have had a reasonable opportunity to address it.
  • Do provide enough detail for us to reproduce and understand the vulnerability.

6. Contact

For security vulnerability reports: security@voltasis.com

For general inquiries: contact@voltasis.com

Voltasis LLC
PO Box 1588
Easley, SC 29641
United States