Purpose:
MUNT Hypotheken is committed to keeping its systems and data secure. This Responsible Disclosure Policy provides a safe and structured way for security researchers and ethical hackers to report potential vulnerabilities on our website.
Scope:
This policy applies to all security issues discovered in our publicly accessible websites.
What We Ask From You:
Only report vulnerabilities discovered through legal and ethical means.
Avoid exploiting or accessing data that does not belong to you.
Provide sufficient detail for us to reproduce and fix the issue.
What You Can Expect From Us:
Acknowledgement of your report within 5 business days.
Timely communication regarding our investigation and resolution.
Safe harbour: we will not pursue legal action against individuals who comply with this policy.
Out of Scope:
The following types of issues are considered out of scope and do not need to be reported:
Publicly available information (OSINT), including WHOIS records, social media profiles, and other publicly accessible data.
General server, network, or application configuration details that do not directly affect security, such as HTTP/HTTPS headers, TLS/SSL settings, robots.txt, security.txt, or default server banners.
Spelling, content, or layout errors that do not pose a security risk.
Social engineering attempts, phishing, or attempts to access other users’ accounts.
Denial-of-Service (DoS) attacks or any actions intended to disrupt the availability of services.
Reporting:
Please submit your report via the designated security email: 
. Include a clear description, steps to reproduce, and any supporting evidence.
Acknowledgment:
While we do not offer financial rewards, our primary goal is to ensure responsible and safe reporting of security issues. This approach allows us to effectively manage vulnerabilities and improve our systems in a structured way.
Thank you for helping us improve the security of our systems.
Last Modified: April, 2026.
Classification: Public
