Privacy notice – vulnerability reporting
Controller: barox Kommunikation AG, Switzerland ("barox"). Contact: security@barox.ch.
Purpose and legal basis
Data submitted via this form is processed exclusively to receive, analyse and remediate reported security issues and to fulfil the vulnerability handling and reporting obligations of the EU Cyber Resilience Act (CRA). The legal basis is our legitimate interest in the security of our products and compliance with legal obligations (Art. 6 (1) (c) and (f) GDPR).
Data processed
- Contact details, only if you provide them voluntarily (name, company, email, phone). Anonymous reports are possible.
- The technical content of your report and any attachments.
- A cryptographic hash of your IP address (not the address itself) for abuse prevention and rate limiting.
Retention and recipients
Reports are stored for the lifetime of the affected product plus the statutory retention periods required for CRA documentation. Data is not shared with third parties except with the competent authorities (e.g. CSIRT/ENISA) where legally required.
Your rights
You have the right to access, rectification, erasure and restriction of the processing of your personal data. Contact security@barox.ch. Please do not submit personal data of third parties, passwords or production credentials.