Responsible Security Disclosure
The security of our systems and the data we hold is a critical priority for Explorate. We make every effort to keep our platform, services, data systems and infrastructure secure. However, despite our best efforts, vulnerabilities may still exist.
This Responsible Security Disclosure Policy provides a safe and transparent way for security researchers, customers, and the broader community to report potential security issues in good faith.
It also explains how to identify legitimate Explorate domains and communications, helping you avoid phishing, impersonation, and fraud.
1. About this policy
Explorate is committed to working with the security community to identify and resolve potential vulnerabilities in our systems.
This policy provides a direct channel for reporting security concerns related to systems operated by Explorate and its affiliated entities. It is designed to ensure vulnerabilities are reported responsibly and handled quickly and safely.
Explorate does not operate a bug bounty program and does not provide financial compensation for reporting vulnerabilities.
2. What this policy covers
This policy covers:
- Any product, platform or service operated by Explorate to which you have lawful access.
This policy does not cover:
- Clickjacking.
- Social engineering or phishing attempts.
- Denial of Service (DoS or DDoS) attacks.
- Posting, transmitting, uploading, linking to, or sending any malware.
- Physical attacks.
- Attempts to modify or destroy data.
- Attempts to extract, scrape, or exfiltrate sensitive data.
This policy does not authorise penetration testing, hacking, or any activity that is unlawful or breaches Explorate’s terms and conditions.
3. How to report a vulnerability
If you believe you have found a vulnerability affecting Explorate systems or services, please report it immediately by email: sec.2026@explorate.co
Please include as much information as possible so we can investigate effectively, including:
- A description of the potential vulnerability.
- The products or services affected (where known).
- Steps to reproduce the issue.
- Proof-of-concept code or screenshots (if applicable).
- Your name (or alias) and contact details.
All vulnerability reports must remain confidential.
Do not publicly disclose the issue until Explorate confirms it has been resolved or mitigated.
If you comply with this policy and do not exploit or prematurely disclose the vulnerability, Explorate will not take legal action against you.
4. What will happen after you report
All vulnerability reports are reviewed by the Explorate security team.
Once a vulnerability is confirmed, Explorate will:
- Acknowledge and respond to your report within 10 Business Days*.
- Keep you informed as the investigation progresses.
- Work with you to agree on a responsible public disclosure date.
- Credit you for the discovery (with your consent), unless you prefer to remain anonymous.
If you do not provide contact details, we will still investigate your report, but we may not be able to follow up or credit you.
* Business Day means a day that is not a Saturday, Sunday or public holiday in Brisbane (Queensland), Sydney (New South Wales), Melbourne (Victoria), or Adelaide (South Australia).
5. Explorate official domains
Explorate only uses the following domains for its websites, platforms, and communications:
- explorate.co
- explorate.com.au
- atlassian.net (e.g. explorateglobal.atlassian.net)
If you encounter a website, login page, message, or advertisement claiming to be from Explorate that does not use one of these domains, it is not legitimate.
6. Legitimate Explorate email addresses
Explorate uses a variety of email addresses to send communications. Legitimate email addresses used by Explorate always end in one of the domains listed above. If you receive an email claiming to be from Explorate, but it was sent from an email address using a domain that is not on this list, do not reply, and contact the Explorate security team immediately.
7. Reporting phishing, fake sites, or impersonation
If you believe you have found:
- A fake Explorate website.
- A fake login page.
- Fake job offers.
- Fake social media accounts.
- Fake reviews or ads.
- Phishing emails pretending to be Explorate.
Please do the following:
- Take a screenshot or photograph of the fraudulent site or profile. Take note of the URL or any other details that are available.
- Do not click any links or enter any details into the fraudulent site. If you have already done so, stop as soon as you realise that you are dealing with a fake site.
- Email the Explorate security team at: sec.2026@explorate.co
Include:
- Your name and contact details.
- A description of the potential security vulnerability.
- The URL, email address, or platform involved.
- Screenshots or other evidence.
- Any steps that reproduce the issue.
These reports are handled under the same Responsible Security Disclosure process described above.
8. No bug bounty or rewards
Explorate does not offer a bug bounty or financial rewards for reporting vulnerabilities.
Responsible disclosure helps protect our customers, partners, and platform, and we appreciate the contribution of the security community in keeping Explorate safe.
