Responsible Disclosure

This is what we ask of you:

• Please report your findings to disclosure@spotler.com. Please use our PGPKEY (link) to encrypt your information, and send it to us safely. Please do not take advantage of the problem by downloading more data than necessary for indicating the breach, nor to view, delete, or change data of third parties.

• Please do not discuss the problem with others, until it is solved. Also, we ask you to delete all prospective confidential data, you may have obtained because of the breach.

• Please do no take advantage of the breach by attacking physical security, social engineering, distributed denial of service, spam of applications of third parties.

• Please provide us with enough information so we can reproduce the problem and solve it swiftly. In most cases, the IP address or URL of the concerning system and a detailed description of the vulnerability are sufficient. In some cases, more information is required.

This is what we promise you:

• We will respond to your report within 3 days, with an estimation of the urgency and expected resolution date.

• If you have followed the requirements as mentioned above, we will not take any legal steps towards you or your organisation, regarding the reported issue.

• We will always handle your report with utmost discretion and carefulness – and we will not share your personal data with third parties, unless this is absolutely necessary for legal reasons. We can also use an alias.

• We will keep you informed about the progression of the resolution of the problem.

• In case desired, we can mention your name as the person who discovered the issue in communication regarding the issue.

We try to solve all issues as quickly as possible and we will gladly be involved in case an issue is published externally.