# Contact & Reporting This page is the directory of contact channels for matters relating to the security, compliance, and lifecycle of Flopsar. It is the page referred to by the Vulnerability Disclosure Policy, the EU Declaration of Conformity, and the Cyber Resilience Act compliance matrix, and is identified as the **single point of contact** required by Article 13(1) of Regulation (EU) 2024/2847. For matters that are not security-related — for example, questions about licensing, professional services, or partnership — see the contact options on the corporate site at [flopsar.com](https://flopsar.com). ## At a glance | If you want to… | Use… | | -------------------------------------- | ------------------------------------------------------------------------- | | Report a vulnerability | `security@flopsar.com` (PGP) | | Ask about Flopsar's security model | `security@flopsar.com` | | Ask about personal data processing | `gdpr@flopsar.com` | | Open a commercial support ticket | `support@flopsar.com` | | Reach us by post | Flopsar Technology Sp. z o.o., ``, Poland | | Notify us as a national CSIRT or ENISA | the dedicated authority channel in Section 4 below | ## Vulnerability reports — Single Point of Contact under Article 13(1) The **Single Point of Contact** for vulnerability reports concerning Flopsar is the Flopsar Product Security Incident Response Team (PSIRT). **Email:** `security@flopsar.com` **PGP key fingerprint**: **PGP key downlad**: **Languages accepted**: Polish, English. PSIRT is monitored on business days during European business hours. Reports received outside those hours are acknowledged on the next business day at the latest. Reports related to **actively exploited vulnerabilities** are handled with priority and trigger out-of-hours escalation. The full triage and remediation process — including what information to include in a report, how severity is classified, and how coordinated disclosure is conducted — is described in the [Vulnerability Disclosure Policy](/7/vulnerability-disclosure-policy.md). ### Reporting through a national CSIRT or ENISA In line with Article 13(11) of Regulation (EU) 2024/2847, a reporter may report a vulnerability through their **national CSIRT designated as a coordinator**, or through **ENISA**, instead of or in addition to reporting to Flopsar Technology Sp. z o.o. directly. Flopsar Technology Sp. z o.o. will cooperate fully with any such CSIRT or with ENISA in the course of handling the report. ### If you do not receive a response If you have not received an acknowledgement of your report within a reasonable time, please re-send the message to `security@flopsar.com`. Out-of-band escalation by post is also possible (see Section 8). ## Security inquiries other than vulnerability reports For questions about Flopsar's security model, hardening, cryptography, or compliance posture — without a specific vulnerability to report — write to `security@flopsar.com`. The PSIRT team forwards inquiries that do not concern vulnerabilities to the appropriate engineering or compliance contact. We do not maintain a separate "security questions" mailbox; the single channel keeps response times predictable and avoids messages being misdirected. ## Reporting channels under Article 14 of the Cyber Resilience Act Article 14 of Regulation (EU) 2024/2847 obliges the manufacturer to notify the appointed CSIRT and ENISA of actively exploited vulnerabilities and of severe cybersecurity incidents that have an impact on the security of the product. The obligation applies from **11 September 2026**. The reporting channels Flopsar Technology Sp. z o.o. uses are: * **ENISA single reporting platform** (Article 16 of the Regulation), once operational; * the **national CSIRT designated as a coordinator** in Poland, which is ``, through the channels that authority publishes. This information is provided here for the benefit of authorities and of customers operating Flopsar in Member States other than Poland; it does not imply that reporters of vulnerabilities should use these channels in preference to the Single Point of Contact in Section 1. For coordinated vulnerability disclosure, the PSIRT mailbox remains the primary channel. National CSIRTs, market surveillance authorities, and ENISA staff who wish to establish a direct working contact with Flopsar Technology Sp. z o.o. may write to `security@flopsar.com`. Inquiries from authorities are treated with priority. Where the inquiry relates to a specific reporting obligation under the Regulation or under other Union law, the email is escalated within business hours and is responded to on a best-effort basis around the clock. ## Sales and general inquiries For sales, partnership, marketing, and other commercial inquiries unrelated to security or data protection, see the contact form on the corporate site at . We do not handle sales inquiries through `security@flopsar.com`. ## Press and media For press, analyst, and media inquiries `contact@flopsar.com`. We do not comment on individual security reports, advisories, or ongoing investigations beyond what has been published at Security Advisories or at the corresponding advisory page. We do not name researchers without their explicit written consent. ## PGP keys Encrypted communication is supported on every channel listed on this page that names an email address. The following PGP keys are published by Flopsar Technology Sp. z o.o. for use with these channels. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.flopsar.com/7/contact-and-reporting.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.