Responsible Disclosure Policy

Data security is a top priority for Arvo. The following outlines our policy for reporting vulnerabilities.

Disclosure Policy

• If you believe you’ve discovered a potential vulnerability, please immediately email us at security@arvotech.com. We will acknowledge your email promptly and respond with requests for evidence/necessary follow-up as soon as we are able to assess the vulnerability. Should the issue pose what Arvo Tech deems as a security risk, we may, at that time, provide an estimated timeframe for remediation.

• Public knowledge of a vulnerability has the potential to invite attacks on our services. Please provide Arvo Tech a reasonable amount of time to resolve any issue and refrain from disclosing it to the public or a third party unless working under the direct supervision of Arvo Tech, LLC.

• Make good-faith efforts to avoid violating privacy, destroying data, or interrupting/otherwise degrading Arvo Tech services. Only interact with accounts you own or for which you have explicit permission from the account holder.

Exclusions

Under no circumstances are you to investigate potential vulnerabilities in any way that can potentially compromise the integrity of the system as a whole unless under the direct supervision of Arvo Tech. Such investigation methods include, but are not limited to:

• Distributed Denial of Service (DDoS)
• Spamming
• Social engineering or phishing of Arvo Tech employees or contractors
• Any attacks against Arvo Tech’s physical property or data centers

Changes

We may revise these guidelines from time to time. The most current version of the guidelines will be available at arvotech.com/security-arvo-tech.

Arvo is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at security@arvotech.com.

Disciplinary Action

Any party – including employees of Arvo Tech – who violate this policy may face legal or disciplinary consequences in proportion to their violation. Any legal or disciplinary action taken will be at the sole discretion of Arvo Tech.

Responsibility

Arvo Tech, LLC. is solely responsible for maintaining the security of its systems. All questions, concerns, or vulnerability reports must be directed to Arvo Tech, LLC. by emailing security@arvotech.com.

Last Updated: February 2026