Security
Last updated: June 2026
This page explains how to report a suspected security vulnerability in Hydra POS, Hydra PMS, Hydra INV, Hydra Admin, Hydra Manager, or Hydra Waiter, and what to expect afterward. A machine-readable version of this policy is published at hydrasuite.hu/.well-known/security.txt, in line with RFC 9116.
1. Reporting a vulnerability
Security issues should be reported privately to security@hydrasuite.hu (or support@hydrasuite.hu) rather than disclosed publicly or filed as a public issue.
2. What to include
A description of the issue and its potential impact. Steps to reproduce, or a proof of concept. The affected version or component.
3. What to expect
Reports are acknowledged within 3 business days. The issue is investigated, with progress updates along the way. Reasonable time is requested before any public disclosure, so a fix can be prepared first. There is currently no paid bug bounty program, but reporters are credited (with permission) once a fix ships.
4. Responsible testing
Do not access, modify, or delete data belonging to a real customer or venue. Do not test against production customer environments without prior written permission. Do not publicly disclose an issue before it has been addressed.