Vulnerability Disclosure Policy
The safety of our customers’ information is extremely important to us. We constantly strive to achieve the highest possible security and quality. Despite our constant efforts, issues may remain. Therefore, if you have found a security flaw, we would definitely like to know more about it and correct the problem as soon as possible.
How to report a vulnerability?
For responsible disclosure please send an email describing the issue to firstname.lastname@example.org, outlining a step by step guide on how to resolve the issue. We will then get back to you promptly.
In the meantime, please do not disclose vulnerabilities to others and do not exploit vulnerabilities any further than necessary to prove its existence. Data from legitimate users of the service must not be altered or destroyed.
We will work together with you to resolve the issue.
The fine print
Unless required by law, we will not take legal action against you, the person who reported the vulnerability. We will however prosecute against anyone abusing any system vulnerabilities.
We do not pay bounties by default. We may choose to set up a consulting agreement and pay out a reward in case you have detected a serious issue.