Klovex handles access tokens to our customers' most valuable accounts. We treat that responsibility seriously: short scopes, encrypted storage, audit-logged access, and a fast path to disconnect at any time.
We maintain a documented incident-response plan covering detection, triage, containment, eradication, recovery and post-mortem. In the event of a security incident affecting customer data we will:
We welcome reports from the security community. If you believe you have found a vulnerability in Klovex, email security@klovex.xyz with a clear description, reproduction steps, and any supporting material. We will acknowledge within 48 hours, keep you informed of progress, and credit you (if you wish) once a fix is shipped.
Please avoid testing that may degrade the Service for other customers (no DoS, no automated scanning at high volume, no social engineering of Klovex personnel). We will not pursue legal action against researchers who follow this policy.