Responsible disclosure

This page is intended for responsible reports of technical security issues related to the www.afm.hu website. Reports should be submitted in a manageable, harm-minimising and verifiable form.

Technical security issues: security@afm.hu Data protection matters: dpo@afm.hu General enquiries: info@afm.hu

Where possible, please include the affected URL or function, a short description of the issue, reproduction steps, technical evidence if needed and a contact email address.

The responsible disclosure scope is limited to the public Avenir website and directly related public website surfaces. Customer systems, partner systems, third-party systems, physical sites, internal systems, email testing and social engineering are not in scope.

Physical intrusion attempts, social engineering, phishing, spam, DoS / DDoS / load testing, malicious code, downloading, copying or viewing data beyond authorised access, and testing customer, partner or third-party systems are not permitted.

Reporters should not download unnecessary data, copy personal or business data, or disclose it publicly. If accidental access occurs, please report it promptly and avoid unnecessary forwarding of the data.

We review reports based on the information provided and, where appropriate, respond using the contact details supplied.

Avenir does not currently operate a public bug bounty or reward programme.

Good-faith reports that do not cause harm and respect the framework above are handled in a cooperative manner.