Effective date: February 5th, 2025
We prioritize the security of our systems and data. However, no matter how much effort we put into system security, vulnerabilities will exist. If you encounter a vulnerability, please report it to us following the steps below so we can resolve the issue as soon as possible.
Of course, your actions must not violate any law or disrupt or compromise any data that is not yours.
Found a security vulnerability?
Please take the following steps:
E-mail your findings to security@chargetrip.com. Encrypt your findings using our PGP key to prevent critical information from falling into the wrong hands,
Please do not take advantage of the vulnerability or problem you have discovered, for example, by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data,
Please refrain from revealing the problem to others until it has been resolved,
Please do not use attacks on physical security, social engineering, distributed denial of service, spam, or applications of third parties and
Please provide sufficient information to reproduce the problem so we can resolve it quickly. Usually, the affected system's IP address or URL and a description are sufficient. However, complex vulnerabilities may require further explanation.
Our commitment to vulnerability disclosure
We will respond to your report within ten business days with our evaluation of the information and an expected resolution date,
If you follow the instructions above, we won't take legal action against you in response to your reported findings,
We will handle your report with strict confidentiality and will keep your details private,
We will keep you informed of the progress towards resolving the problem,
We will credit you as the discoverer of the vulnerability in any potential public statement (unless you desire otherwise), and
As a token of our appreciation, we will offer a reward for every reported and validated security issue. Our security officer will determine the reward amount based on the severity of the leak and the quality of the report. The maximum reward is €25 per report; however, in exceptional cases, we may grant a higher amount at our sole discretion. All rewards will be paid through PayPal after personal identification is provided; please note that there are no exceptions to these payment terms.
This policy is not a competition but rather an experimental and discretionary rewards program. You should understand that we can cancel the program at any time, and the decision to pay a reward is entirely at our discretion. Chargetrip reserves the right to change this policy at any time.
Please note that we cannot reward individuals on sanctions lists or those residing in countries on EU sanctions lists.
Chargetrip Data Controller
Chargetrip B.V.
security@chargetrip.com
