Responsible Disclosure Policy

Principles:

We consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. If you believe you have discovered a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

Guidelines:

• Only demonstrate the vulnerability as necessary.
• Do not disclose the issue until it's resolved.
• Avoid physical security attacks, social engineering, denial of service, spam, or third-party applications.
• Include sufficient details like IP address or URL and a clear description of the vulnerability.

Commitments:

• We'll acknowledge your report within 3 business days and provide an estimated resolution timeline.
• No legal action will be taken if you adhere to our guidelines.
• Your report will be kept confidential; we won't share your personal details without permission.
• You'll be informed of our progress and credited publicly unless you prefer anonymity.
• We aim for prompt resolution and will participate in publishing the fix after the issue is resolved.