Version February 2026
Coordinated Vulnerability Disclosure (CVD) Policy
At Genus Care, the safety of our users and the integrity of our platform are our highest priorities. We believe that no system is 100% secure. If you have found a vulnerability in our software or infrastructure, we appreciate your help in disclosing it to us in a responsible manner.
Our Promise (Safe Harbor)
If you comply with the policies below when reporting a security issue to Genus Care, we will not initiate legal action against you. We consider your research to be "authorized" as long as you:
- Do not cause any harm to our systems or the availability of our services.
- Do not access, modify, or delete any data belonging to our users (patients or healthcare providers), in accordance with our Privacy Policy.
- Do not perform any Denial of Service (DoS) attacks or social engineering against our staff or customers.
- Keep the vulnerability confidential until we have implemented a fix (Coordinated Disclosure).
What is Genus
Genus Care is a (communication) platform for remote care for healthcare professionals and informal caregivers. The Genus Care platform consists of several components: Genus device (Genus), Connected peripherals, Genus apps, Genus portal and Genus backend.
Reporting a Vulnerability
If you believe you have found a security vulnerability, please report it immediately via:
- Email: security@genus.care
- Encrypted Communication: Please use our PGP key (available via our security.txt) to encrypt sensitive information.
What to include in your report:
- A clear description of the vulnerability.
- The specific product, URL, or endpoint affected.
- Step-by-step instructions (or a Proof-of-Concept script) to reproduce the issue.
- Your contact details (name/alias) if you wish to be acknowledged.
What You Can Expect
Once a report is submitted, it enters our formal Incident Management Process. You can expect the following:
- Acknowledgement: We will acknowledge receipt of your report within 2 business days.
- Validation: Our Security Officer and the PRRC (Person Responsible for Regulatory Compliance) will validate the report and assess the potential impact on patient safety.
- Remediation: We will work to resolve the issue as quickly as possible. We aim to keep you informed of our progress.
Safety
Privacy and information security
Your data is safe with us according to the highest international and healthcare standards
