The security of our platform and our users' data is our highest priority. If you discover a security vulnerability in techlogia.de or the Lab learning platform, we ask you to responsibly disclose it to us.

How to Report a Vulnerability

Please send your report to security@techlogia.de. PGP-encrypted communication is available — contact us for the public key.

Our Commitments

Response within 48 hours — we acknowledge receipt of your report
No legal action — as long as you act responsibly (no data theft, no disclosure before the fix)
Transparent communication — we keep you informed about the fix progress
Recognition — with your consent, we list you in our Hall of Fame

Rules for Responsible Disclosure

Do not access, modify, or delete other users' data
Do not perform denial-of-service attacks or automated mass scans
Do not publish the vulnerability before we have fixed it (minimum 90-day grace period)
Social engineering, phishing, or physical attacks are out of scope

Scope

techlogia.de — main website and all subdomains
Lab platform — techlogia.de/lab/*
API — techlogia.de/api/*

Security Measures

We employ comprehensive technical measures to ensure platform security:

TLS encryption (HTTPS with HSTS)
Content Security Policy (CSP) with strict-dynamic
Web Application Firewall (CrowdSec)
Bcrypt password hashing
Multi-factor authentication for admin access
Automated, encrypted backups (restic)
Hosting exclusively in German data centers (Hetzner)

This policy follows the BSI recommendations for Coordinated Vulnerability Disclosure (CVD).