REMLogics, LLC

Vulnerability Disclosure Policy

Security Research and Responsible Disclosure

Effective Date: April 2026

REMLogics, LLC takes the security of the REMone platform and our customers' data seriously. We welcome reports from security researchers, customers, and the public about potential security vulnerabilities in our products and services.


This policy describes how to report security vulnerabilities to us, what you can expect from us in response, and the scope of our disclosure program.


1. How to Report a Vulnerability

Please report security vulnerabilities by contacting us at:


Email: support@remlogics.com

Subject line: Security Vulnerability Report — REMone


Please include the following information in your report:

  • A description of the vulnerability and its potential impact

  • The affected product, component, or URL

  • Steps to reproduce the vulnerability

  • Any proof-of-concept code or screenshots (if available)

  • Your name and contact information (optional — anonymous reports are accepted)


We will acknowledge your report within 3 business days and provide an estimated timeline for resolution.


2. Our Commitments to Researchers

When you report a vulnerability to us in good faith, we commit to:

  • Acknowledge receipt of your report within 3 business days

  • Investigate and validate the reported issue promptly

  • Keep you informed of our progress toward resolution

  • Work to remediate confirmed vulnerabilities in a timely manner

  • Not pursue legal action against researchers who follow this policy

  • Recognize your contribution if you wish to be credited (with your permission)


3. Scope

The following systems and services are in scope for vulnerability reports:

  • REMone Work Order Management web application (remlogics.com hosted environments)

  • REMone Tenant Portal

  • REMone Vendor Portal

  • REMone API (Rem.Api)

  • remlogics.com website


The following are out of scope:

  • Third-party services and integrations not operated by REMLogics (Microsoft Azure, Oracle, Dynamics 365, etc.)

  • Denial of service attacks

  • Social engineering attacks against REMLogics employees or customers

  • Physical security attacks

  • Automated scanning that generates excessive load on our systems


4. Responsible Disclosure Guidelines

We ask that researchers:

  • Give us reasonable time to investigate and remediate before publicly disclosing the vulnerability

  • Make a good faith effort to avoid accessing, modifying, or deleting customer data

  • Do not exploit the vulnerability beyond what is necessary to demonstrate the issue

  • Do not conduct testing against customer environments or customer data

  • Coordinate with us on disclosure timing — we aim to resolve critical issues within 30 days


5. Safe Harbor

REMLogics will not pursue civil or criminal action against security researchers who:

  • Act in good faith and follow this disclosure policy

  • Do not access, modify, or exfiltrate customer data beyond what is needed to demonstrate the vulnerability

  • Report findings to us promptly and allow reasonable time for remediation

  • Do not disrupt the availability of our services


6. Recognition

We maintain a list of researchers who have responsibly disclosed vulnerabilities to us. If you would like to be recognized for your contribution, please indicate this in your report. We will not publicly identify researchers without their explicit permission.


7. Contact

REMLogics, LLC

Security Contact: support@remlogics.com

Website: remlogics.com

This policy is also published at: remlogics.com/security