Updated – November 2, 2022
RESPONSIBLE DISCLOSURE POLICY
As Juphy, we give the utmost importance to the security of our services and platforms containing our users’ data. We encourage those who have discovered potential security vulnerabilities in the Juphy Platform to disclose it to us in a responsible manner through our ‘bug report’ program.
We will work with security researchers to validate and respond to vulnerabilities that are reported to us. If you discover a security vulnerability and report in accordance with this Responsible Disclosure Policy, we will not take legal action or terminate your account access. Herewith, Juphy reserves all of its legal rights in the event of any noncompliance to the applicable laws, regulations and our Terms of Service and Applicable Use Policy.
Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.
1 – Testing for Security Vulnerabilities
You may only test against an account for which you are the account owner, or an agent authorized by the account owner to conduct such testing.
2 – Juphy Prohibits the Following Types of Research:
3 – Reporting Potential Vulnerabilities
If you believe you have found a security issue/vulnerability, please share the details of any suspected vulnerabilities with Juphy IT & Security Team.
While investigating the matter, only use methods or techniques that are compliant with the law and necessary practices in order to find or demonstrate the weaknesses, without limiting the generality of the foregoing.
Please do not publicly announce the vulnerability but get in touch with us and give us the time to examine the issue. The safety of our users’ information and assets is our top priority. Therefore, we encourage anyone who has discovered a vulnerability in our systems to act instantly and help us improve and strengthen the safety of our sites and systems.
In reporting any suspected vulnerabilities, please include the following information:
4 – No Compensation
Juphy does not compensate individuals or organizations for identifying potential or confirmed vulnerabilities. Requests for monetary compensation will be deemed in violation of this Responsible Disclosure Policy.
5 – Juphy’s Commitment
To all security researchers who follow this Responsible Disclosure Policy, Juphy undertakes to:
Juphy will review the submission to determine if the finding is valid and has not been previously reported. Publicly disclosing the submission details of any identified or alleged vulnerability without expressed written consent from Juphy will deem the submission as non-compliant with this Responsible Disclosure Policy. Juphy reserves the right to change the content of this policy at any time, or to terminate the policy.
6 – Many Thanks!
We appreciate your help by disclosing it to us in a responsible manner.