Vulnerability Disclosure Policy

Taptic is committed to safeguarding and protecting our information and any other information entrusted to us.

We take cyber security very seriously and recognise the importance of privacy and cyber security. We are committed to addressing and reporting security issues through a coordinated and constructive process, designed to drive the greatest protection for technology users, and protection of Taptic information, along with information relating to our customers and employees.

When appropriately notified of legitimate issues, we will do our best to acknowledge your vulnerability report, assign resources to investigate the issue, and fix potential problems as quickly as possible.

Reporting Security Issues

If you believe you have discovered a vulnerability in a Taptic asset / system or have a security incident to report, please send an email to:

Guidelines

In all cases, you must:

  • Respect our privacy, which includes the privacy of our employees, clients and 3rd parties. Contact us immediately if you access anyone else’s data, personal, financial, or otherwise. This includes usernames, passwords and other credentials. You must not save, store, process or transmit this information.
  • Act in good faith. You should report the vulnerability to us without any conditions attached.
  • Work with us. Promptly report any findings to us, stopping after you find the first vulnerability and requesting permission to continue testing. Allow us a reasonable amount of time to resolve the vulnerability before publicly disclosing it.

And you must not:

  • Exfiltrate data.
  • Exploit a vulnerability or disable further security controls.
  • Perform social engineering activities.
  • Use automated scanners.

Next Steps

Upon receipt of vulnerability / security report, Taptic will undertake a series of steps to address the issue:

01
Taptic requests the reporter keep any communication regarding the vulnerability confidential.
02
Taptic investigates and verifies the vulnerability.
03
Taptic addresses the vulnerability and releases an update or patch to the software. If for some reason this cannot be done quickly, or at all, Taptic will provide information on recommended mitigations.
04
Taptic endeavours to keep the reporter apprised of every step in this process as it occurs.

We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our products and services, and better protect our clients. Thank you for working with us through the above process.