SECURITY

Security Policy

The security of Reversia's modules and their users is a priority. This page documents our commitment to responsible disclosure and our vulnerability management process.

Last updated: August 28, 2025
Sequoia Labs SARL
01 · Section

Reporting a vulnerability

The security of our modules and clients is paramount. Reversia encourages security researchers to conduct analyses on its modules and to report any vulnerability identified, in keeping with responsible disclosure best practices.

The company is committed to identifying and fixing any vulnerability, and to communicating transparently with the parties concerned throughout the process.

To report a vulnerability
Write to contact@reversia.tech. Researchers are invited to provide as much detail as possible: description, impact, affected version, steps to reproduce.
02 · Section

Vulnerability management policy

In line with the TouchWeb Charter for Responsible Cybersecurity, our team applies the following principles for handling each report received:

  • Acknowledgment of any relevant report within 7 days maximum (CVSS ≥ 4.0)
  • Impact analysis and patch planning within 30 days maximum
  • Publication of a security advisory with a CVE identifier if the CVSS score is ≥ 7.5
  • No fix is published silently

Commitments to researchers

In parallel, the following commitments ensure responsible and ethical handling:

  • Not to prosecute researchers acting in good faith
  • To ensure that no confidentiality agreement can hinder the transparent publication of a security advisory with a CVE identifier, in accordance with the state of the art
This transparency allows the relevant third parties (agencies, merchants, etc.) to meet their compliance obligations, in particular PCI-DSS or SAQ-A.
03 · Section

Publication authorization

Reversia expressly authorizes any company to publish information relating to fixed vulnerabilities on its official website, in accordance with the commitments of the Responsible Cybersecurity Charter.

This publication may include:

  • A CVE identifier associated with the vulnerability
  • A security note clearly describing the problem and its resolution
  • The affected versions and the fixed version
  • An easy-to-deploy patch when an update is not immediately possible
  • Any useful information allowing users and agencies to protect themselves quickly
TouchWeb · Responsible Cybersecurity Charter
Reversia is a signatory of the Responsible Cybersecurity Charter led by TouchWeb.
04 · Section

Data protection

Reversia processes its clients' data in strict compliance with the General Data Protection Regulation (GDPR, EU 2016/679) and the French Data Protection Act of January 6, 1978, as amended.

Data is hosted on the Google Cloud Platform infrastructure (Google Cloud France), within the European Union. Communications between your store, your users and the Reversia infrastructure travel over HTTPS.

For any question relating to the processing of your data or to exercise the rights provided for by the GDPR, write to us at contact@reversia.tech.

05 · Section

Contact

For any question relating to security or to report a vulnerability, the Reversia team can be reached at the following address:

  • Acknowledgment time: 7 days maximum (CVSS ≥ 4.0)
  • Patch time: 30 days maximum
Report a vulnerability

If you identify a security flaw, write to us with as much detail as possible: description, impact, affected version, steps to reproduce.