Responsible Disclosure Policy

Last updated 24 January 2022

Keeping customer data safe and secure is our top priority. If you’ve discovered a security vulnerability, please do not share it publicly.  We encourage you to notify us and welcome working with you to resolve the issue promptly, you can reach us at support@seaber.io

The purpose of this policy is to record the procedures of Seaber concerning communications with the security professionals in order to avoid selective or unlawful disclosure of Seaber’s information.

Rules for Researchers

  • Avoid deletion of data, gaining unauthorized data access, or cause service disruption while testing the vulnerability you found.
  • Do not access or modify, or attempt to access or modify, data that does not belong to you.
  • Do not execute, or attempt to execute, a Denial of Service (DoS) attack.
  • Do not run any automated tools against our servers without prior contact with Seaber.
  • Do not try to abuse our servers’ resources.
  • Do not publicly share the issue details without prior contact with Seaber
  • Do not attempt to blackmail us, or try to sell us your security report.
  • When in doubt, contact us at support@seaber.io

Our Commitment

  • We will not pursue any legal action against you, if you obey the rules stated above.
  • We will reply to all correctly submitted reports, and we will work with you on fixing the issue.
  • We will perform our own risk assessment for every reported vulnerability.
  • If your report is not eligible, we will let you know the reason why.

Reporting a security vulnerability

Please include the following details with your report:

  • Description of the location and potential impact of the vulnerability.
  • A detailed description of the steps required to reproduce the vulnerability.
  • Contact information so we can work with you resolving the issue reported.

Rewards / Compensation

  • We do not offer cash compensation for security reports.
  • For reports that we identify as particularly important, we may reward you with Seaber swag. If you’d like to receive something from us, please put your mailing address in your report, or share it later when we confirm the eligibility of your report.

Privacy

When you send us a report, you also consent to us storing and processing your name and contact details.

If you want to know more about your privacy rights, see Seaber privacy policy