We pay a lot of attention to development and maintenance

Reporting

If you believe you’ve found a security issue in our product or service, please notify us as soon as possible.

• Do not share information about the security issue with others until it is resolved.
• Provide information about how and when the vulnerability or malfunction occurs. Clearly describe how this problem can be reproduced and provide information about the method used and the time of the investigation.
• Be responsible with the knowledge of the security problem. Do not perform any actions beyond those necessary to demonstrate the security problem. Do not exploit the vulnerability, and do not store confidential data obtained through it within the system.
• Leave your contact details (email address or phone number) if you want, so that we can contact you about the assessment and the progress of the vulnerability resolution. We also take anonymous reports seriously.
• Do not use physical attacks, DDOS attacks, or social engineering.

Rules

• Do not share information about the security issue with others until it is resolved.
• Provide information about how and when the vulnerability or malfunction occurs. Clearly describe how this problem can be reproduced and provide information about the method used and the time of the investigation.
• Be responsible with the knowledge of the security problem. Do not perform any actions beyond those necessary to demonstrate the security problem. Do not exploit the vulnerability, and do not store confidential data obtained through it within the system.
• Leave your contact details (email address or phone number) if you want, so that we can contact you about the assessment and the progress of the vulnerability resolution. We also take anonymous reports seriously.
• Do not use physical attacks, DDOS attacks, or social engineering.

How do we handle Responsible Disclosure?

When you report a suspected vulnerability in an IT system, we will deal with this in the following way:

• You will receive confirmation of receipt from us within three business days after the report.
• You will receive a response within seven business days of confirmation of receipt, including an assessment of the report and the expected resolution date. We strive to keep you informed on the progress of the resolution.
• We will treat your report confidentially and will not share your information with third parties without your permission unless this is required by law or by a court order.
• We will determine together with you whether and how the problem is reported on. The problem will only be reported on after it has been resolved. If you wish, we will list your name as the discoverer in the problem report.