Skip to main content

Responsible Disclosure

Introduction

At Tealstreet, we prioritize the security and privacy of our users. We recognize the valuable role that the security research community plays in maintaining a safe and secure online environment. This Vulnerability Disclosure Policy provides guildelines for working with us to disclose potential vulnerabilities.

Guidelines

If you have discovered a potential security vulnerability, we ask that you report it to us under the following guidelines:

  • Secure Reporting: Please email your findings to us at [[email protected]].
  • Responsible Investigation: Avoid any testing that would result in:
    • Denial of service to our users or infrastructure.
    • Social Engineering or phishing attempts against our users or employees.
    • Degradation of user experience, disruption to production systems, and destruction of data.
  • Confidentiality: Please keep the issue confidential until we have resolved it. We respect the importance of privacy and confidentiality and we expect the same in return.
  • Proof of Concept: Please provide detailed steps to reproduce the vulnerability. This should include scripts, screenshots, or exploits.
  • Safe Harbor: If you follow these guidelines when reporting an issue to us, we commit to:
    • Not Pursuing or supporting any legal action related to your research.
    • Working with you to understand and resolve the issue quickly, including an initial confirmation of your report within 72 hours.
    • Recognizing your contribution to improving our security if you are the first to report the issue and we make a code or configuration change based on the issue.

Recognition and Rewards

While we do not currently have a bug bounty program, we do recognize the effort of security researchers. We are open to discussing recognition or rewards for significant contributions in line with the impact of the reported issue.

Communication

Once you've submitted a vulnerability report, we will respond within 72 hour to:

  • Acknowledge receipt of your report.
  • Provide an estimated time frame for a fix.
  • Ask for additional information if needed.

For more information or questions about this policy, contact us at [[email protected]].