At Powerfin Technology, our systems are extremely secure. Despite paying close attention to security during the entire service offering process and maintenance, we may still have a weak point in our systems. It is important that we are notified as soon as possible if our systems are vulnerable, so we can eliminate the vulnerability as soon as possible.
THE REPORTING PROCESS
If you find a security issue in one of our systems, please notify us immediately by email at info@powerfintechnology.com.
RULES TO FOLLOW
Our responsible disclosure policy does not imply an open invitation for active scanning for vulnerabilities in our network and applications. If our continuous monitoring system detects your scan, we will investigate it. You should wait until the issue has been resolved before sharing information about it with others, and delete all confidential data as soon as it has been resolved. A third-party's data cannot be viewed, deleted, or amended in order to demonstrate the leak. It would be helpful if you could provide as much detail as possible so that we can reproduce, validate, and resolve the issue as quickly as possible. Include your test data, timestamps, and URLs of the affected systems.
We will contact you about the progress of the solution if you provide your contact information (e-mail and/or phone number). We welcome anonymous reports. Be careful not to attack physical security, use social engineering, cause a distributed denial of service, or spam third-party applications.
RESPONSE TO SECURITY ISSUES
We will confirm receipt of your report within three working days. Within 3 working days of receiving confirmation of receipt, you will receive an assessment of the security issue and an estimated resolution date. As long as you follow the above conditions, your report will not be subject to legal action. In accordance with the law, your report details will not be shared with third parties without your permission.
THE BUG BOUNTY PROGRAM
You can report a security issue or vulnerability to Powerfin Technology. In the event that anyone discloses to us a design or implementation issue that could compromise the privacy or integrity of our user's data that we were unaware of, we may reward them appropriately. We determine rewards and eligibility for reports.
EXCLUSIONS
The following types of security problems are excluded:
We will not investigate reports without any proof (such as screenshots or other data), detailed information, or details on how to reproduce any unexpected result.