Skip to main content
Hit enter to search or ESC to close
Close Search
Cropped Cloudsonic Social Icon 1
Menu
  • Products
  • Platform
  • Resources
  • Developers
  • Pricing
  • Support
  • Log In
  • Webmail
  • Contact Sales
  • Products
  • Platform
  • Resources
  • Developers
  • Pricing
  • Support
  • Log In
  • Webmail
  • Contact Sales
Platform
  • Legal Centre
  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Acceptable Use Policy
Compliance
  • CCPA Notice
  • DMCA Policy
  • Data Processing Agreement
  • Responsible Disclosure

Responsible Disclosure

Last updated 01/01/2026

Cloudsonic Hosting (“Cloudsonic”, “we”, “us”, “our”), a brand operated by Brisbane Agency (ABN: 20 039 689 628), takes the security of our systems and our customers’ data seriously. We welcome reports from security researchers and members of the public who discover potential vulnerabilities in our infrastructure, websites, or services.

This Responsible Disclosure Policy explains how to report security vulnerabilities to us and what you can expect from us in return.

1. Scope

This policy applies to security vulnerabilities discovered in:

  • Our websites: cloudsonic.com.au, cloudsonic.eu, cloudsonic.us, and associated subdomains
  • Our customer control panel and account management systems
  • Our hosting infrastructure, to the extent it affects Cloudsonic’s own systems

This policy does not cover vulnerabilities in customer-hosted websites or applications. If you have discovered a vulnerability in a third-party website hosted on our infrastructure, please contact the website owner directly.

2. How to Report

Please report suspected vulnerabilities via our contact page. To help us triage your report efficiently, please include:

  • A clear description of the vulnerability and the potential impact
  • The affected system, URL, or component
  • Step-by-step instructions to reproduce the issue
  • Any supporting evidence such as screenshots, proof-of-concept code, or request/response logs
  • Your contact details so we can follow up with you

Please submit reports in English where possible.

3. What We Ask of You

When conducting security research and reporting vulnerabilities, we ask that you:

  • Act in good faith and with the intent to improve security, not to cause harm
  • Do not access, modify, delete, or exfiltrate data belonging to Cloudsonic or our customers beyond what is necessary to demonstrate the vulnerability
  • Do not perform testing that disrupts or degrades our Services or affects other customers
  • Do not exploit a vulnerability beyond a minimal proof of concept
  • Do not disclose the vulnerability publicly until we have had a reasonable opportunity to investigate and remediate it (see coordinated disclosure below)
  • Do not use automated scanning tools against our infrastructure without prior written approval
  • Comply with all applicable laws when conducting your research

4. What You Can Expect from Us

If you report a vulnerability in good faith and in accordance with this policy, we commit to:

  • Acknowledging receipt of your report within 5 business days
  • Keeping you informed of our progress as we investigate and remediate the issue
  • Treating your report confidentially and not sharing your personal details without your consent, except where required by law
  • Not pursuing legal action against you in connection with your research, provided you have complied with this policy

We do not currently operate a bug bounty programme and are unable to offer monetary rewards for vulnerability reports. We are happy to acknowledge your contribution publicly if you would like, subject to your consent.

5. Coordinated Disclosure

We ask that you give us a reasonable period to investigate and remediate a reported vulnerability before disclosing it publicly. We consider 90 days from the date of acknowledgment to be a reasonable timeframe in most cases. If you believe an issue requires more urgent disclosure, please discuss this with us directly.

We will aim to keep you updated throughout the remediation process and will work with you to agree on an appropriate disclosure timeline.

6. Out of Scope

The following are outside the scope of this policy and should not be tested:

  • Social engineering attacks against Cloudsonic staff or customers
  • Physical security testing
  • Denial-of-service or volumetric attacks of any kind
  • Spam or phishing campaigns
  • Vulnerabilities in third-party software or services that we do not control, unless they directly impact our systems
  • Issues that require unlikely user interaction or have negligible security impact

7. Legal

This policy does not grant you permission to act in a manner that is unlawful under Australian, EU, US, or other applicable law. Security research conducted in accordance with this policy and in good faith is not considered by us to be a violation of our Terms of Service or Acceptable Use Policy. However, we cannot provide assurances regarding the position of third parties or law enforcement agencies.

Contact Sales