Vulnerability Disclosure Policy
At Routely Systems Ltd. (“Routely”), we are committed to protecting the privacy and security of our users' personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard the personal data that you provide to us through our shipping platform. By using our platform, you agree to the terms and conditions of this Privacy Policy.
Reporting Security Vulnerabilities
If you believe you have discovered a security vulnerability on our website, we appreciate your cooperation in responsibly disclosing it to us. Please report any suspected vulnerabilities to us promptly by emailing us at hello@routely.co. When reporting, please provide detailed information about the vulnerability, including steps to reproduce, potential impact, and any other relevant information.
Scope of In-Scope Vulnerabilities
We are interested in vulnerabilities that could potentially compromise the confidentiality, integrity, or availability of our website or user data. Examples of in-scope vulnerabilities include but are not limited to: Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Code Execution (RCE), SQL Injection, and Authentication or Authorization vulnerabilities.
Responsible Disclosure
We request that you do not disclose the vulnerability publicly until we have had sufficient time to investigate and address the issue. Routely commits to making best efforts to acknowledge receipt of your vulnerability report within 48 hours and to provide regular updates on the progress of the investigation and resolution. We also commit to fixing the vulnerability in a timely manner and keeping you informed of the resolution timeline.
Legalities
While we appreciate responsible disclosure, we will not take legal action against security researchers who act in good faith and follow this Policy. However, we do require that you adhere to the guidelines outlined in this Policy and not engage in any malicious activities that could cause harm to our website or users' data.
Rewards and Recognition
As a token of our appreciation for your responsible disclosure, we may offer rewards, recognition, or acknowledgments to security researchers who report valid vulnerabilities. The reward amount, if any, will be determined at our discretion and will depend on the severity and impact of the vulnerability reported.
Testing Limitations
Please refrain from performing any testing that could disrupt or harm our website, users' data, or our services. We do not authorize any testing that involves activities such as DDoS attacks, social engineering, or any other activities that violate applicable laws or regulations.