At Loydd Software, we value security highly. That is why we pay attention to the security of privacy-sensitive data in a continuous process. For example, we regularly have penetration tests carried out by professional external organisations and implement the resulting recommendations directly in our software.
Ethical Hacking
Despite the great attention paid to securing our customers' data, break-ins can happen. We welcome the concept of ethical hacking and appreciate it when - responsibly - vulnerabilities in our software are reported.
If you find a vulnerability in one of our systems, we would like to hear about it. This enables us to take measures as quickly as possible. We would like to work with you to protect our customers and our systems even better.
We ask you to:
email your findings to security@Loyddsoftware.com,
Not to abuse the problem by, for example, downloading more data than necessary to demonstrate the leak. We also ask you not to view, delete or modify any third-party data;
Not to share the problem with others until it is resolved and to delete all confidential data obtained through the leak immediately after confirming the report;
Not to use physical security attacks, social engineering, (distributed) denial of service, spam or third-party applications;
Provide sufficient information to reproduce the problem so that we can resolve it as soon as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability is sufficient, but for more complex vulnerabilities, we may ask you for more information.
What we promise:
We will treat your report with the highest priority and respond to your report within three days at the latest. In this response, you can expect us to provide an assessment of the report and an expected date for a resolution.
If you comply with the above conditions, we will not take any legal action against you regarding the report.
We will treat your report confidentially and will not share your personal data with third parties without your consent, unless necessary to comply with a legal obligation.
We will keep you informed of the progress in resolving the problem.
In notifications about the reported problem, we will include your name as the discoverer, if you wish.
Depending on the impact of the vulnerability, we will provide financial compensation (bug bounty).
We aim to resolve all problems as soon as possible and we would be happy to be involved in any publication about the problem after it has been resolved.
