We treat safety and privacy very seriously. We do our best to ensure that our services are of the best quality and safe from dangers. These may happen, and we cannot entirely able to prevent them. That’s why we encourage everyone to responsible disclosure.
Feel welcome to find vulnerabilities and other issues and help in their resolving. Please read the below information for more details.
Included Services
Any products, services, websites, API endpoints, and server infrastructure provided by Deviate Studio.
Rules
- Make sure to avoid disrupting the service availability or impacting others’ data when testing products.
- Do not modify or access data that does not belong to you.
- You should limit the testing to websites and products operated directly by Deviate Studio. Some of our services may be hosted by third parties on our behalf, where our policies don’t apply. While we won’t be able to resolve such issues, we’ll do our best to escalate them to the appropriate companies.
- Don’t utilize scanners and automatic tools in searching for vulnerabilities.
- Don’t share any personal information of others if obtained. You shall respect others’ rights and keep any confidential information in compliance with Privacy Policy.
- Don’t publicly disclose or share details regarding found issues until those issues are resolved, and we agree for a disclosure.
- You should follow HackerOne’s Disclosure Guidelines.
- Never attempt non-technical attacks such as social engineering (e.g., phishing, vishing, smishing) or physical attacks against our employees, users, or infrastructure.
Out-of-Scope Vulnerabilities
When reporting an issue, you should consider the issue’s severity. Some cases are less relevant, and we may take no action on such reports, but we appreciate being informed about each potential issue so this attack vendor is further investigated.
Reporting
When reporting, make sure to:
- Make a reasonable effort to avoid privacy violations, destruction of data, and interruption or degradation of our services;
- Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC).
You may report all issues safely by mailing [email protected]. Your mail will be directed to authorized personnel to review your concerns further. You may also use this mail to ask any security-related questions.