Security

Security & Vulnerability Disclosure

Operata takes the security of our systems and customer data seriously. We welcome responsible disclosure of security vulnerabilities.

Reporting a Vulnerability

If you believe you have identified a security vulnerability affecting Operata systems, please report it to:

Email: security@operata.com

For sensitive reports, you may encrypt your message using our PGP key:

PGP: https://static.operata.io/.well-known/pgp-key.txt

Please include, where possible:

  • A clear description of the issue
  • Steps to reproduce the vulnerability
  • Affected URLs, services, or components
  • Any relevant proof-of-concept code or screenshots

Please do not include sensitive customer data in your report.

Scope

In scope:

  • operata.com
  • operata.io
  • Subdomains of operata.com
  • Subdomains of operata.io
  • Operata-operated APIs and services

Out of scope:

  • Third-party services or customer-managed environments
  • Rate-limiting issues without demonstrated security impact
  • Missing security headers without a demonstrable exploit path
  • SPF, DKIM, or DMARC configuration suggestions
  • Social engineering or phishing attacks against Operata employees
  • Denial-of-service attacks or stress testing
  • Issues requiring physical access to a user’s device

Guidelines for Responsible Disclosure

We ask that you:

  • Do not exploit the vulnerability beyond what is necessary to demonstrate it
  • Do not access, modify, or delete customer data
  • Do not perform denial-of-service attacks or testing
  • Coordinate any public disclosure with us and allow a reasonable remediation period (typically at least 90 days from initial report)

Our Commitment

We will make reasonable efforts to:

  • Acknowledge receipt of your report
  • Assess the validity and severity of the report
  • Take appropriate remediation actions where necessary

Bug Bounties

Operata does not operate a paid bug bounty program and does not offer monetary rewards for disclosures. With your permission, we are happy to publicly acknowledge responsible disclosures.

Legal Safe Harbor

To the extent permitted by law, we consider security research conducted in accordance with this policy to be authorized and will not pursue legal action against researchers who:

  • Act in good faith and follow this policy
  • Avoid privacy violations, data destruction, and service disruption
  • Report findings promptly and allow reasonable time for remediation