Skip to main content

Security

Last updated: June 2026

This page explains how to report a suspected security vulnerability in Hydra POS, Hydra PMS, Hydra INV, Hydra Admin, Hydra Manager, or Hydra Waiter, and what to expect afterward. A machine-readable version of this policy is published at hydrasuite.hu/.well-known/security.txt, in line with RFC 9116.

1. Reporting a vulnerability

Security issues should be reported privately to security@hydrasuite.hu (or support@hydrasuite.hu) rather than disclosed publicly or filed as a public issue.

2. What to include

A description of the issue and its potential impact. Steps to reproduce, or a proof of concept. The affected version or component.

3. What to expect

Reports are acknowledged within 3 business days. The issue is investigated, with progress updates along the way. Reasonable time is requested before any public disclosure, so a fix can be prepared first. There is currently no paid bug bounty program, but reporters are credited (with permission) once a fix ships.

4. Responsible testing

Do not access, modify, or delete data belonging to a real customer or venue. Do not test against production customer environments without prior written permission. Do not publicly disclose an issue before it has been addressed.