Responsible Disclosure

Our Philosophy on Security

We believe Aclaimant's product should be safe & secure for all our users. In order to keep it safe and secure, we treat security as our top priority and guide our decisions based on our Security and Privacy Policies. But no matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our customers and our systems.

Reporting a Vulnerability

If you believe you have discovered a security vulnerability in one of Aclaimant's applications, please do the following:

  • E-mail your findings to security@aclaimant.com as soon as possible, and we'll make every effort to resolve the issue.

  • Encrypt your findings using our PGP key to prevent this critical information from falling into the wrong hands.

  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

  • Provide Aclaimant a reasonable amount of time to resolve the issue before disclosing to the public or a third-party.

Exclusions

While researching, we'd like to ask you to refrain from:

  • Denial of service

  • Spamming

  • Social engineering (including phishing) of Aclaimant's staff or contractors

  • Any physical attempts against Aclaimant's property or data centers

  • Knowingly posting, transmitting, uploading, linking to, sending or storing any malicious software.

  • Testing in a manner that would result in the sending of unsolicited or unauthorized junk mail, spam, pyramid schemes or other forms of duplicative or unsolicited messages.

  • Testing or otherwise accessing or using Aclaimant from any jurisdiction that is a Prohibited Jurisdiction.

  • Testing third party applications or websites or services that integrate with or link to Aclaimant.

Our Commitment

We ask that you do not share or publicize an unresolved vulnerability with any third-party. If you responsibly submit a vulnerability report, the Aclaimant security team will use reasonable efforts to:

  • Acknowledge receipt of your vulnerability report in a timely manner.

  • Provide an estimated time frame for addressing the vulnerability report.

  • Notify you when the vulnerability is fixed.

  • We are happy to thank you for your responsible disclosure and helping us keep our customers safe.

PGP

Our PGP key is available on the MIT PGP Public Key Server.

Key type: RSA

Key size: 4096

ID: 65BD9E90A235A30C

Fingerprint: 2E3D C11E 4207 F0B4 C6E0 7B2F 65BD 9E90 A235 A30C