Updated – October 10, 2022
RESPONSIBLE DISCLOSURE POLICY
As Juphy, we give the utmost importance to the security of our services and platforms containing our users’ data. We encourage those who have discovered potential security vulnerabilities in the Juphy Platform to disclose it to us in a responsible manner through our ‘bug report’ program.
We will work with security researchers to validate and respond to vulnerabilities that are reported to us. If you discover a security vulnerability and report in accordance with this Responsible Disclosure Policy, we will not take legal action or terminate your account access. Herewith, Juphy reserves all of its legal rights in the event of any noncompliance to the applicable laws, regulations and our Terms of Service and Applicable Use Policy.
Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.
Testing for Security Vulnerabilities
You may only test against an account for which you are the account owner, or an agent authorized by the account owner to conduct such testing.
Juphy Prohibits the Following Types of Research:
Accessing, or attempting to access, data that does not belong to you
Using social engineering techniques to gain access to a system
Altering or deleting any information in the system or application
Executing, or attempting to execute, a “denial of service attack”
Using brute force techniques, such as repeatedly entering passwords, to gain access to systems
Sending, or attempting to send, unsolicited or unauthorized email, spam or other forms of unsolicited messages
Testing third party websites, applications or services that integrate with Juphy
Knowingly posting, transmitting, uploading, linking to, sending or storing any malware, viruses or similar harmful software
Research conducted by minors, individuals on sanctions lists or individuals in countries on sanctions lists
Reporting Potential Vulnerabilities
If you believe you have found a security issue/vulnerability, please share the details of any suspected vulnerabilities with Juphy IT & Security Team.
If you are a Client or an Authorized User, please contact us through the Community Board within your Account Dashboard.
If you are an independent researcher/analyst, please contact us at support@juphy.com.
While investigating the matter, only use methods or techniques that are compliant with the law and necessary practices in order to find or demonstrate the weaknesses, without limiting the generality of the foregoing.
Please do not publicly announce the vulnerability but get in touch with us and give us the time to examine the issue. The safety of our users’ information and assets is our top priority. Therefore, we encourage anyone who has discovered a vulnerability in our systems to act instantly and help us improve and strengthen the safety of our sites and systems.
In reporting any suspected vulnerabilities, please include the following information:
Exploit details with adequate information to allow us to reproduce your steps
A description of the issue and where it is located along with screenshots
Your email address
No Compensation
Juphy does not compensate individuals or organizations for identifying potential or confirmed vulnerabilities. Requests for monetary compensation will be deemed in violation of this Responsible Disclosure Policy.
Juphy’s Commitment
To all security researchers who follow this Responsible Disclosure Policy, Juphy undertakes to:
Acknowledge receipt of your vulnerability report,
Work with you to understand and validate the issue,
Address the risk as deemed appropriate by the Juphy team,
Work together to prevent cyber-crime.
Publicly acknowledge your responsible disclosure, if you wish
Juphy will review the submission to determine if the finding is valid and has not been previously reported. Publicly disclosing the submission details of any identified or alleged vulnerability without expressed written consent from Juphy will deem the submission as non-compliant with this Responsible Disclosure Policy. Juphy reserves the right to change the content of this policy at any time, or to terminate the policy.
Many Thanks!
We appreciate your help by disclosing it to us in a responsible manner.