Vulnerability Disclosure Program

Overview

At Manatal, data security is our first priority and as such we are committed to building solutions that provide a secure experience to our users. We have launched this vulnerability disclosure program to facilitate and encourage reporting of security vulnerabilities. All legitimate reports of security vulnerabilities that are properly reported will be investigated and vulnerabilities addressed when appropriate.

Vulnerability Disclosure Program's Rules

All security issues must be shared with us and not be made public at any point. This includes but is not limited to not making it public on forums, social media, message boards, website, email, or mailing lists.

Do not engage in research that involves:

• Violation of privacy rights or confidentiality of data.
• Social engineering (including, but not limited to, phishing).
• Potential or actual damage to users, businesses, people, systems, data, or applications.
• Port scans on our networks or executing DDoS attacks.
• Disrupting or interrupting our services.

We will not bring any lawsuit against you or ask law enforcement to investigate you if you comply with the rules of the program unless we have any reason to believe that you did not act in good faith.

How to disclose vulnerabilities

Send a vulnerability report from our contact page and include the following points:

What type of vulnerability is being reported?

What are the steps to reproduce the vulnerability?

Who would be able to use the vulnerability and what would they gain from it?

Feel free to include attachments:

• Screenshots
• Logs
• Etc

How to disclose vulnerabilities

We will respond to your email within two weeks and give you updates on the status of the vulnerability.