Responsible Disclosure Policy

1. Purpose

The purpose of this policy is to encourage responsible and ethical reporting of security vulnerabilities in our software and systems. We take the security of our products and services seriously and believe that working with the community is a vital part of maintaining the security of our customers.

2. Scope

This policy applies to all of our products and services, including software, websites, and online services.

3. Guidelines for Reporting Vulnerabilities

• Community members are encouraged to contact us immediately upon discovery of a potential vulnerability.
• When reporting a vulnerability, please provide us with a detailed description of the issue, including steps to reproduce the vulnerability if possible.
• Do not publicly disclose the vulnerability until it has been fixed and we have had a chance to notify affected customers.
• Do not use the vulnerability for any malicious or unauthorized activity, including but not limited to data theft, unauthorized access, or denial of service.

4. Our Responsibilities

• We will acknowledge receipt of your report
• We will provide an estimated timeline for when the vulnerability will be fixed, if the reported issue is valid
• We will keep you informed of our progress in fixing the vulnerability, if the reported issue is valid

5. Legal

• You agree to comply with all applicable laws and regulations in connection with your participation in this program.
• We will not take legal action against you for any activities that are consistent with this policy.

6. Changes to the Policy

We may change this policy at any time without notice.

7. Contact

To report a vulnerability, please contact us at hello@simplehash.com with the email subject “Responsible Security Disclosure”.