Media Tech Smart Control Ltd. (“DOMEX”, “we”, “our”) is committed to protecting the security and privacy of our customers and partners.
This policy explains how security researchers, customers and partners can responsibly report vulnerabilities affecting DOMEX products and services.
This policy applies to all DOMEX systems including:
• DOMEX cloud platform (PCC – Professional Cloud Configuration)
• Mobile applications (Domex.Life App)
• Controllers and firmware
• Public APIs and integrations managed by DOMEX
• Official DOMEX websites and online services
Security reports must be sent only to:
This email address is intended strictly for security vulnerability reports.
For technical support, installation or product assistance please contact: [email protected]
Please include:
• Description of the vulnerability
• Affected product or service
• Firmware / app version (if known)
• Steps to reproduce
• Proof of concept (screenshots, logs or video if possible)
• Your contact details
DOMEX aims to follow this process:
• Acknowledge report: within 5 business days
• Initial assessment: within 10 business days
• Remediation timeline: depends on severity and complexity
• Security update or mitigation: as soon as reasonably possible
We may request additional information during investigation.
The following activities are permitted when conducted in good faith:
• Testing devices you own or have permission to test
• Non-destructive testing
• Avoiding access to other users’ data
• Reporting vulnerabilities privately to DOMEX
The following are not authorized:
• Accessing systems, homes or accounts without permission
• Intercepting or altering other users’ data
• Physical tampering in occupied installations
• Denial-of-service or service disruption attacks
• Social engineering, phishing or extortion
• Public disclosure before coordination with DOMEX
DOMEX follows coordinated disclosure practices.
Researchers agree not to publicly disclose vulnerabilities until:
• A fix is released, or
• 90 days have passed from acknowledgement (unless extended by mutual agreement)
DOMEX will not pursue legal action against individuals who:
• Act in good faith
• Follow this policy
• Avoid privacy violations
• Provide reasonable time for remediation
This safe harbor applies only to activities consistent with this policy and applicable law.
Typically excluded from this program:
• Third-party platforms not controlled by DOMEX
• Theoretical attacks without demonstrable impact
• Issues requiring unrealistic attack conditions
• Missing best-practice headers on marketing pages
DOMEX currently does not operate a public bug bounty program.
We may acknowledge responsible researchers at our discretion.
This policy does not create any contractual relationship between the reporter and DOMEX.
Submission of a report does not grant authorization beyond the scope defined in this policy.
DOMEX is not liable for any costs, damages, or losses incurred by the reporter in connection with testing or disclosure activities.
Testing must comply with all applicable laws and regulations.
Nothing in this policy authorizes illegal activity.
Security Team – DOMEX
Media Tech Smart Control Ltd.
Flamingo 4, Be’er Yaakov, Israel
[email protected]