Responsible Disclosure Policy

Logikcull prioritizes customer trust, and data security is our top priority. We appreciate your good faith effort to protect our user's privacy and data, and we are committed to addressing security issues responsibly and in a timely manner. As a result, we want you to responsibly disclose security issues, vulnerabilities, and bugs (‚ÄúVulnerabilities‚ÄĚ) identified through incidental events or acts of good faith. Additionally, we don't want researchers to be put in fear of legal consequences because of their good faith attempts to find Vulnerabilities to improve our services. Consequently, we adopt this Responsible Disclosure Policy (‚ÄúPolicy‚ÄĚ) to outline how we accept, verify, and respond to potential Vulnerabilities.

Reporting Vulnerabilities

If you believe you have found a Vulnerability on Logikcull (https://app.logikcull.com), please let us know right away via email to security@logikcull.com. The provided email is the only proper communication channel to report and discuss Vulnerabilities. When filing a report, please include as much information as possible, including a way for us to replicate the Vulnerability.

Vulnerability reports shall not be shared publicly or with other parties, as this can result in risk to Logikcull’s customers. Logikcull will inform you of its findings in triaging your report and inform customers, the public at large, or regulatory bodies as appropriate or as required by law.

Safe Harbor

Logikcull believes that incidental discoveries of Vulnerabilities and security research performed in good-faith should be provided a safe-harbor from legal action from Logikcull. Logikcull does not authorize penetration testing, scanning tools or taking any action that may intentionally or incidentally negatively impact the integrity of its services; this includes any actions that may cause a degradation of services or put customer confidentiality at risk; nor research that is not otherwise lawful, not helpful to the overall security of Logikcull’s services, or not conducted in good faith.

If at any time you have concerns or are uncertain whether your security research is consistent with this Policy, please submit an inquiry through security@logikcull.com before going any further.

Please note that Logikcull cannot bind third parties, and therefore third-party Vulnerabilities are excluded from this Policy. Third-parties may take legal action where Logikcull will not or cannot. If you discover a third-party Vulnerability, you should contact the appropriate third-party directly, though you should note that such third-parties may not necessarily provide a legal safe-harbor. If, in our sole discretion, a third-party Vulnerability has significant collateral effects on Logikcull services, then we may choose to, in our sole discretion, work with you and the third-party to address the Vulnerability.

Reward Programs

Logikcull does not provide rewards for disclosure at this time.

Logikcull partners with HackerOne to operate a private bug bounty program. If you are a security researcher and interested in a rewards program and actively bug hunting you will need to be a qualified hacker with HackerOne; please contact HackerOne.

 

If there is any inconsistency between this Policy and any other applicable terms, the terms of this Policy will prevail. By submitting a report to Logikcull, you accept and agree to the terms of this Policy. We thank you for your dedication to reducing online risk and helping improve the security of our services.