Effective: August 15, 2024
We consider the security of our systems and data a top priority. But no matter how much effort we put into system security, there will be vulnerabilities. If you encounter a vulnerability, please report it to us following the steps below so we can resolve the issue as soon as possible.
Of course, your actions must not violate any law or disrupt or compromise any data that is not yours.
Found a security vulnerability?
Please take the following steps:
E-mail your findings to security@chargetrip.com. Encrypt your findings using our PGP key to prevent critical information from falling into the wrong hands,
Please do not take advantage of the vulnerability or problem you have discovered, for example, by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data,
Please refrain from revealing the problem to others until it has been resolved,
Please do not use attacks on physical security, social engineering, distributed denial of service, spam, or applications of third parties and
Please provide sufficient information to reproduce the problem so we can resolve it quickly. Usually, the affected system's IP address or URL and a description are sufficient. However, complex vulnerabilities may require further explanation.
Our commitment to vulnerability disclosure
We will respond to your report within ten business days with our evaluation of the information and an expected resolution date,
If you follow the instructions above, we won't take legal action against you in response to your reported findings,
We will handle your report with strict confidentiality and will keep your details private,
We will keep you informed of the progress towards resolving the problem,
We will credit you as the discoverer of the vulnerability in any potential public statement (unless you desire otherwise), and
As a token of our gratitude, we will offer a reward for every reported and validated security issue. Our security officer will determine the reward amount based on the severity of the leak and the quality of the report. The minimum reward will be a €25 pre-paid Visa or MasterCard. All rewards will be paid using pre-paid credit cards; please know there are no exceptions to how we pay potential rewards.
This policy is effective as of August 1, 2022. It is not a competition but rather an experimental and discretionary rewards program. You should understand that we can cancel the program at any time, and the decision as to whether or not to pay a reward is entirely at our discretion. Chargetrip reserves the right to change this policy at any time.
Please note that we cannot issue rewards to individuals on sanctions lists or those residing in countries on EU sanctions lists.
Chargetrip Data Controller
Chargetrip B.V.
security@chargetrip.com
