Vulnerability Disclosure Policy
How to submit a Vulnerability Report ✍
- Harm or have the intention of harming us or our customers, employees, partners or suppliers.
- Target the accounts or services, or attempt to access the data, of anyone other than yourself.
- Breach, or otherwise conduct yourself in any way not in accordance with, any applicable laws and regulations.
- Engage in or conduct social engineering, spamming, phishing, automated scanning, denial of service or other resource exhaustion attacks, or any other action that degrades, damages, or interrupts our services.
- Exploit any vulnerabilities identified in any manner, including by:
- Exfiltrating or attempting to exfiltrate any data.
- Misusing, copying, deleting, modifying or otherwise manipulating any data, programmes or systems.
- Access or change, or attempt to access or change, the services or data of any other individual.
- Compromising the personal data of any other individual.
- Share, or otherwise facilitate for others, system access.
- Test or attempt to test the physical security of any of our properties.
- Run automated scanning.
- Scan the infrastructure of any of our host providers.
- Disclose the details of any actual or suspected vulnerability or any Vulnerability Report, including any information related to a Vulnerability Report and the fact that you have submitted a Vulnerability Report to us, to any third party. You understand and agree that:
- We may use your Vulnerability Report for any purpose deemed relevant by us, including the correction of any identified vulnerabilities that we determine in our sole discretion to exist and require correction.
- Providing a Vulnerability Report to us and the undertaking any actions associated with such Vulnerability Report does not grant you a right to any intellectual property owned by us or any third party.
- The Vulnerability Report and any improvements, remediation, or similar proposed by you in relation to our services (Improvements) are owned by us, and you assign all intellectual property rights in the Vulnerability Report and any Improvements to us immediately on creation.
- Any Vulnerability Report is provided by you without expectation or requirement of any reward or benefit and without expectation that any vulnerability identified will be corrected by us.
- We will not be liable for any expense, damage, or loss of any kind which you may incur in relation to any Vulnerability Report.
- We will not provide any protection or immunity from civil or criminal liability (if any) under applicable laws and regulations.
- We do not assume any responsibility for the contents of any Vulnerability Report submitted by you.
- Our acknowledgement of any Vulnerability Report does not represent our endorsement of its contents.
- We are not obliged to consult with you about any public statement we may elect in our sole discretion to release in relation to a Vulnerability Report submitted by you.
- Nothing in this policy creates an agency, partnership, association, joint venture or similar relationship between you and us.