Vulnerability Disclosure Policy

We are committed to working with security researchers to address potential security vulnerabilities in a responsible and timely manner. If you research and/or discover potential security vulnerabilities in relation to our online playground, we ask you to follow this vulnerability disclosure policy.

Guidelines

  • Do everything you can to avoid privacy violations, the destruction of data, and/or interruption or delay of service.
  • We understand that you may encounter confidential, sensitive, and personal data during your research. However, the purpose of your research should not be to discover such data but solely to disclose vulnerabilities in our security.
  • Do not share any confidential and/or sensitive data that you have obtained access to through the security vulnerability with anyone other than us, and delete this data immediately after we have fixed the security vulnerability.
  • Do not place malware on our online playground, do not perform distributed denial of service attacks, and do not change our system.
  • Do not publicly disclose a security vulnerability before it has been fixed.
  • If you publicly disclose your discovery, please consult with us prior to disclosure about the contents of your disclosure. Be aware that our brands are protected by intellectual property laws and that we may invoke our rights if our brands are used without our consent.
  • Do not perform non-technical attacks such as social engineering, phishing, or physical attacks against our users, employees, or infrastructure.

Reporting

Send us an email at security@poki.com with details of the security vulnerability that you have discovered. It would help us a lot if you could include a detailed description, the steps to reproduce the issue, and the potential impact.

Our commitment

  • You will receive a receipt of your report within 2 working days.
  • We will investigate the report and work closely with you to ensure we fully understand the issue.
  • We will fix the security vulnerability as quickly as we can.
  • You will receive a notification when the reported security vulnerability is fixed.
  • We will not pursue legal action against individuals who follow the aforementioned guidelines.
  • We take your privacy as seriously as the privacy of anyone using our online playground, so please refer to our privacy statement.

In the event of any dispute regarding or in relation to this vulnerability disclosure policy that cannot be settled amicably, the competent court of Amsterdam shall have jurisdiction over the matter. Dutch law is applicable.

Exclusions

The following properties are excluded from the scope of our vulnerability disclosure policy as they are managed by third parties:

  • jobs.poki.com - Please send your findings to Elementor
  • shop.poki.com - Please send your findings to Squarespace