Home > Vulnerability Disclosure Policy
Last updated: 15/07/2026
This policy gives security researchers a clear way to report a potential security vulnerability in Micron21's services and infrastructure, and explains what we will do when you report one.
The security of our platform is central to what we do, and we take every care to keep our systems secure. Even so, vulnerabilities can exist. If you believe you have found one, we want to hear from you. This policy explains how to tell us safely.
We value the work of the security research community. Research conducted in good faith under this policy is welcome, and Micron21 will not pursue or support legal action against researchers who comply with it.
You can report vulnerabilities in the internet-facing services and infrastructure that Micron21 operates, including:
This policy does not cover:
Email us at abuse@micron21.com with as much of the following as you can:
If your report contains sensitive information, you can send that information to us securely using our Escrow service: https://escrow.micron21.com/.
You can find this policy and our reporting contact from any of our domains at /.well-known/security.txt.
When researching, please act carefully: don't access, change or download data beyond the minimum needed to demonstrate the issue, stop immediately if you encounter someone else's data, and keep any scanning to non-disruptive volumes.
Email: abuse@micron21.com
Reports go directly to Micron21's security team. Please don't raise vulnerability reports through our general support channels: using the security contact keeps your report with the right people and keeps details confidential.
Confirmed vulnerabilities are fixed under our internal severity-based service levels and tracked through to closure. Where the issue is in software we develop, we investigate the root cause so the fix addresses the class of problem, not just the instance you found.
We ask that you don't publicly disclose a vulnerability until we've confirmed it is resolved or 90 days have passed since your report, whichever comes first, unless we've agreed a different timeline with you.
Simple, transparent pricing from Australia's leading cloud provider