Legal Information

Security response

Last updated: October 20, 2025

We appreciate your concern

Keeping customer data safe and secure is a huge responsibility and a top priority. We work hard to protect our customers from the latest threats. Your input and feedback on our security is always appreciated.

Reporting security problems

If your account is under attack such as hacking, unauthorized access, or abuse of voice services, please email us immediately at [email protected] with "URGENT SECURITY" in the subject line. We will respond as quickly as possible and work with you to secure your account.

To report security vulnerabilities in our service, please email [email protected] with:

  • A clear description of the vulnerability
  • Steps to reproduce the issue (if applicable)
  • Potential impact of the vulnerability
  • Any relevant screenshots, logs, or technical details

We'll respond as soon as we can, typically within 72 hours. Please do not publicly disclose the vulnerability until we've had a chance to investigate and address it.

For other urgent or sensitive reports related to security, privacy, or data protection, please email [email protected].

For general support requests that aren't security-related, you can also use [email protected] — we handle all customer inquiries at this address.

Secure file transfer

If you need to send us sensitive files (such as logs, recordings, or other evidence) securely, please mention this in your initial email and we will provide you with a secure upload link.

Our response process

When you report a security issue, here's what will happen:

  1. Acknowledgment: We'll acknowledge your report and confirm we're investigating
  2. Investigation: We'll investigate the issue and assess its severity and impact
  3. Resolution: We'll work to resolve the issue as quickly as possible
  4. Communication: We'll keep you updated on our progress and let you know when the issue is resolved
  5. Disclosure: Once resolved, we may publish a security update (with your permission, we'll credit you for the discovery)

Responsible disclosure

We ask security researchers to:

  • Give us reasonable time to investigate and fix issues before public disclosure
  • Avoid accessing, modifying, or deleting customer data beyond what's necessary to demonstrate the vulnerability
  • Not exploit the vulnerability beyond demonstrating its existence
  • Not disrupt our service or harm our customers

We commit to:

  • Respond to your report promptly
  • Keep you informed about our progress
  • Not pursue legal action against researchers who follow responsible disclosure practices
  • Publicly acknowledge your contribution (with your permission)

Data breach notification

If we discover or are notified of a data breach that affects customer data, we will:

  • Investigate the breach immediately
  • Notify affected customers within 72 hours (in accordance with UK GDPR)
  • Report the breach to the ICO (Information Commissioner's Office) if required
  • Take immediate steps to contain and remediate the breach
  • Provide clear information about what happened and what steps customers should take

Thanks for helping us stay secure

We appreciate the security research community and anyone who takes the time to help us improve our security posture. While we don't currently operate a formal bug bounty program, we're grateful for responsible disclosure and will acknowledge contributors who help us keep Torru secure.