Contact

Responsible Disclosure

We take our responsibility. Do you?

At Touch Network B.V. we consider the security of our systems very important. Despite our care for the security of our systems, it may happen that there is a vulnerability. If you have found a vulnerability in one of our systems, we would like to hear about it. That way we can take measures as quickly as possible. We would like to work with you to better protect our customers and our systems.

We ask of you:

  • Email your findings to privacy@touchincentive.com;
  • Not exploit the vulnerability by, for example, downloading more data than necessary to demonstrate the vulnerability or by viewing, deleting or modifying third-party data;
  • Do not share the vulnerability with others until it is resolved, and immediately after the leak is closed, delete all confidential data obtained;
  • Not to use physical security attacks, social engineering, distributed denial of service, spam or third-party applications;
  • Provide sufficient information to reproduce the vulnerability so that we can resolve it as quickly as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more may be required for more complex vulnerabilities.

What we promise:

  • We will respond to your report within 5 days. We will indicate whether it is a vulnerability unknown to us or not;
  • If it is an unknown vulnerability, we are going to determine its risk and decide whether to implement the solution you suggested. If so, we’ll keep you updated on the progress of resolving the issue;
  • As a thank you for your help, we offer a reward of €25 for every report of a vulnerability still unknown to us for which we decide to implement your proposed solution;
  • If you have complied with the above conditions, we will not take any legal action against you as a result of your report;
  • We will treat your report confidentially and will not share your personal data with third parties without your consent, unless it is necessary to fulfill a legal obligation. Reporting under a pseudonym is possible. In communications about the reported vulnerability we will, only if you wish, include your name as the discoverer.
Want to know more about how we safeguard you and our security? If you do, be sure to read our privacy statement.
Back to the homepage
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.