Responsible Disclosure Policy
The security of users’ data is always our top priority. If you have discovered a security vulnerability anywhere in our services, we greatly appreciate your cooperation in disclosing it to us in a responsible manner, following the guidelines set out in this Policy.
We commit to acknowledge, validate, and fix vulnerabilities in the timeliest manner possible. We will not take legal action against or suspend access to our services for any party that has responsibly disclosed vulnerabilities discovered.
- If you believe you have found a vulnerability, do not share details about it with any third parties or the general public before it has been fixed;
- You can only conduct testing on accounts that you own or have permission from the owner to test on;
- Do not try to gain control of another user’s account or data;
- SPAM and DDoS attacks are never permitted;
- Do not use automated tools to find vulnerabilities;
- Automated/manual password guessing (also known as ”bruteforce attack”) against login forms is not permitted;
- Never use non-technical methods such as phishing and/or social engineering against employees or customers of Social Force Pty Ltd;
- Physical attacks against equipment, infrastructure, offices, and/or employees of Social Force and/or our partners are strictly forbidden.
How to report
Send us an e-mail at [email protected] with the details of the vulnerability you have discovered. Please make sure to include the following:
- As much detail as possible about the nature of the vulnerability so as to allow us to reproduce your steps;
- Your e-mail address;
- Name and a link to your Twitter/Facebook profile as you would like them to appear on this page.