Responsible Disclosure Policy

Data security is a top priority for SmartPath, and SmartPath believes that working with skilled security researchers can identify weaknesses in any technology.

If you believe you’ve found a security vulnerability in SmartPath’s service, please notify us; we will work with you to resolve the issue promptly.

‍

Disclosure Policy

• If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at security@joinsmartpath.com. We will acknowledge your email within 24 hours.
• Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure.
• Make a good faith report to avoid violating privacy, destroying data, or interrupting or degrading the SmartPath service. Please only interact with SmartPath Security personnel.

‍

Exclusions

While researching, we’d like you to refrain from:

• Denial of Service (DDoS)
• Spamming
• Social engineering or phishing of SmartPath employees or contractors
• Any attacks against SmartPath’s physical property or data centers

Thank you for helping to keep SmartPath and our users safe!

‍

Changes

We may revise these guidelines from time to time. The most current version of the guidelines will be available at joinsmartpath.com/disclosure.

‍

Contact

SmartPath is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at hello@joinsmartpath.com.

‍

Responsibility

It is the COO’s responsibility to see this policy is enforced.

‍

‍

Last updated: 11/13/2019