Responsible disclosure policy
Last updated 25th Jan, 2021
Data security is very important to us at Consent Kit, and we believe that continuously working with skilled security researchers is the best way to identify vulnerabilities in technology.
If you believe you’ve found a potential vulnerability or weakness in our service, please notify us; we will work with you to resolve the issue as quickly as possible.
Disclosing a weakness
If you believe you’ve found a potential vulnerability or weakness, please email us at email@example.com. We will acknowledge your email within five business days.
We ask that you:
- Please only interact with accounts you own or for which you have explicit permission from the account holder.
- Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Consent Kit service.
- Provide us with a reasonable amount of time to resolve any discovered issue before disclosing it to the general public or any third party. We always aim to resolve critical issues within one week of disclosure.
While researching, we’d like you to refrain from:
- Distributed Denial of Service (DDoS)
- Automated penetration tests or vulnerability scans
- Social engineering or phishing of Consent Kit employees or contractors
- Any attacks against Consent Kit’s physical property or data centers