Responsible Disclosure Statement
At Embrace The Human Cloud, the security of our systems is very important to us. Despite our concern for the security of our systems, it is possible that there is still a weak spot. If you have found a vulnerability in one of our systems, please let us know so that we can take action as soon as possible. We would like to work with you to better protect our customers and systems.
We ask you:
- To send your finding via the following URL.
- Not to exploit the problem by, for example, downloading more data than necessary to demonstrate the leak or viewing, deleting or modifying third-party data,
- Do not share the issue with others until it is resolved and delete any confidential data obtained through the leak immediately after the leak is closed,
- Not using attacks on physical security, social engineering, distributed denial of service, spam, or third-party applications, and
- To provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. The IP address or URL of the affected system and a description of the vulnerability are usually sufficient, but more complex vulnerabilities may require more.
What we promise:
- We will respond to your report within 5 days with our review of the report and an expected resolution date,
- If you have complied with the above terms, we will not take legal action against you regarding the report,
- We will treat your report confidentially and will not share your personal information with third parties without your consent unless this is necessary to comply with a legal obligation. Reporting under a pseudonym is possible,
- We'll keep you posted on the progress of resolving the issue,
- In reports about the reported problem, if you wish, we will mention your name as the discoverer.
We strive to resolve all issues as quickly as possible and would be happy to be involved in any publication about the issue after it has been resolved.