Truv logo

Responsible Disclosure Policy

Introduction

At Truv, we take the security of our systems and data very seriously. We are committed to ensuring the safety and privacy of our customers, and we value the contribution of security researchers and the broader community in helping us maintain the highest security standards.

Scope

This Responsible Disclosure Policy applies to any vulnerabilities or security issues identified in our products, services, and websites. We encourage responsible disclosure of any potential security vulnerabilities to help us address them promptly.

Our Commitment

  • We will acknowledge receipt of your report within 72 hours.
  • We will provide an estimated time frame for addressing the reported vulnerability.

Guidelines for Responsible Disclosure

To ensure that vulnerability reports are handled responsibly and effectively, we ask that you:

  • Do Not: Exploit the vulnerability or access sensitive data beyond what is necessary to demonstrate the vulnerability.
  • Do Not: Engage in any activity that could disrupt our services or compromise the privacy of our users.
  • Do: Provide detailed information about the vulnerability, including steps to reproduce it and potential impact.
  • Do: Allow us reasonable time to address the issue before publicly disclosing any information about the vulnerability.

How to Report a Vulnerability

If you have identified a potential security vulnerability, please report it to us by emailing our security team at security@truv.com. Your report should include:

  • A detailed description of the vulnerability.
  • Steps to reproduce the issue.
  • Any supporting evidence, such as screenshots or logs.
  • Your contact information.

Acknowledgment and Recognition

We greatly appreciate the efforts of the security community in helping us improve our security posture. Truv's responsible disclosure program is strictly non-paid. We do not offer monetary rewards or compensation for vulnerability reports. Participation in this program is voluntary, and any reports submitted are considered contributions to the security of our systems and services.

Legal Disclaimer

By submitting a report, you agree to comply with this Responsible Disclosure Policy and applicable laws. You also acknowledge that Truv does not authorize or permit any activities that would violate applicable laws or disrupt our services.

Contact Us

If you have any questions about this policy or wish to report a vulnerability, please contact our security team at security@truv.com.

Thank You for Helping Us Keep Truv Secure!