At Privado, we consider the security of our systems a top priority. If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our users and systems.
Please do the following:
- Notify us at [email protected] as soon as possible after you discover a real or potential security issue
- Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data
- Only use exploits to the extent necessary to confirm a vulnerability’s presence. Do not use an exploit to compromise or exfiltrate data, establish persistent command line access, or use the exploit to pivot to other systems
- Provide us a reasonable amount of time to resolve the issue before you disclose it publicly
- Do not submit a high volume of low-quality reports
What we promise:
- We will respond to your report within 5 business days with our evaluation of the report and an expected resolution date
- We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission
- We will keep you informed of the progress towards resolving the problem
- In the public information concerning the problem reported, we will give your name as the discoverer of the problem (unless you desire otherwise)