Security & Operations
Effective Date: May 30, 2026
InfraNet HR values the security of our platform, customers, and users. We welcome responsible disclosure of security vulnerabilities and appreciate the efforts of security researchers who help improve the safety and reliability of our services.
Please submit vulnerability reports to: security@infranet-hr.com
To help us investigate efficiently, please include a description of the vulnerability, steps to reproduce the issue, affected pages or functionality, screenshots or proof-of-concept information when available, and contact information for follow-up questions.
InfraNet considers security research to be conducted in good faith when researchers avoid privacy violations, avoid destruction or modification of data, avoid service disruption, avoid unauthorized access to customer information, report vulnerabilities promptly after discovery, and provide reasonable time for remediation before public disclosure.
The following activities are not authorized under this Policy: accessing customer accounts or customer data, downloading or modifying information that does not belong to you, physical security testing, denial-of-service attacks, social engineering attacks, spam or phishing activity, malware deployment, or any activity that could disrupt service availability. Researchers should immediately stop testing and notify InfraNet if customer data is encountered.
When vulnerability reports are submitted in good faith, InfraNet will acknowledge receipt of the report, review and investigate the issue, work to validate legitimate findings, take appropriate corrective action when necessary, and maintain communication regarding the status of the report when appropriate.
We ask researchers not to publicly disclose vulnerabilities until InfraNet has had a reasonable opportunity to investigate and remediate the issue and customers and users are adequately protected. Coordinated disclosure helps protect the security of the platform and its users.
This Policy applies to infranet-hr.com and publicly accessible InfraNet services and applications. Third-party services, vendors, and external systems are governed by their respective owners and policies.
At this time, InfraNet does not operate a formal bug bounty program. Submission of a vulnerability report does not create any expectation of financial compensation.
Questions regarding this Responsible Disclosure Policy may be directed to:
InfraNet HR
Email: security@infranet-hr.com
Springfield, Missouri, United States
Last Updated: May 30, 2026