ENDOWUS VULNERABILITY DISCLOSURE
The safety and security of our customers, their data, and the reliability of our products and services, are of utmost importance to Endowus. Therefore, we aim to design and provide our products and services with the highest levels of security and reliability. Despite our best efforts, vulnerabilities and errors may still be present in our products and services.
The reporting of such vulnerabilities and errors will contribute to improving the security and reliability of our product and services.
Endowus Vulnerability Disclosure Policy
This policy describes Endowus’s approach to requesting and receiving reports related to potential vulnerabilities and errors in its platform, products and services. Endowus highly appreciates the efforts made by the reporting party in identifying and reporting such vulnerabilities and errors, giving us a chance to improve our products and services, and better protect our customers.
Customers, users, researchers, partners and any other person who may interact with Endowus’ platform, products or services are encouraged to report identified vulnerabilities and errors through the vulnerability disclosure reporting form on this page. Please note that supplying your contact information with your report is entirely voluntary and at your discretion. You can be assured that Endowus will only use such information to clarify the details of your report with you, if necessary. To learn more about our privacy policy, please visit https://endowus.com/legal.
By making a report to Endowus using the form on this Vulnerability Disclosure Page, or otherwise communicating a vulnerability report to Endowus, you agree to the following terms:
Endowus may use your report for any purpose deemed relevant by Endowus, including without limitation, for the purpose of correcting any vulnerabilities or errors that are reported or that Endowus deems to exist and to require correction. To the extent that you propose any changes and/or improvements to Endowus’ platform, or an Endowus product or service in your report, you assign to Endowus all use and ownership rights to such proposals.
You shall adhere to the following guidelines in conducting vulnerability discovery activities and reporting and confirm to Endowus that:
The safety and security of our customers, their data, and the reliability of our products and services, are of utmost importance to Endowus. Therefore, we aim to design and provide our products and services with the highest levels of security and reliability. Despite our best efforts, vulnerabilities and errors may still be present in our products and services.
The reporting of such vulnerabilities and errors will contribute to improving the security and reliability of our product and services.
Endowus Vulnerability Disclosure Policy
This policy describes Endowus’s approach to requesting and receiving reports related to potential vulnerabilities and errors in its platform, products and services. Endowus highly appreciates the efforts made by the reporting party in identifying and reporting such vulnerabilities and errors, giving us a chance to improve our products and services, and better protect our customers.
Customers, users, researchers, partners and any other person who may interact with Endowus’ platform, products or services are encouraged to report identified vulnerabilities and errors through the vulnerability disclosure reporting form on this page. Please note that supplying your contact information with your report is entirely voluntary and at your discretion. You can be assured that Endowus will only use such information to clarify the details of your report with you, if necessary. To learn more about our privacy policy, please visit https://endowus.com/legal.
By making a report to Endowus using the form on this Vulnerability Disclosure Page, or otherwise communicating a vulnerability report to Endowus, you agree to the following terms:
Endowus may use your report for any purpose deemed relevant by Endowus, including without limitation, for the purpose of correcting any vulnerabilities or errors that are reported or that Endowus deems to exist and to require correction. To the extent that you propose any changes and/or improvements to Endowus’ platform, or an Endowus product or service in your report, you assign to Endowus all use and ownership rights to such proposals.
You shall adhere to the following guidelines in conducting vulnerability discovery activities and reporting and confirm to Endowus that:
- You have not exploited or used in any manner, and will not exploit or use in any manner (other than for the purposes of reporting to Endowus), the discovered vulnerabilities and/or errors;
- You have not engaged, and will not engage, in the testing/research of systems or the identification of vulnerabilities and errors in Endowus’ platform, products and services with the intention of harming Endowus, its customers, employees, partners or suppliers;
- You have not used, misused, deleted, altered or destroyed, and will not leak, use, misuse, delete, alter or destroy, any data that you have accessed or may be able to access in relation to the vulnerability and/or error discovered;
- You have not conducted, and will not conduct, social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks;You have not tested, and will not test, the physical security of any property, location, or building of Endowus;
- You have not breached, and will not breach, any applicable laws in connection with (i) your report and (ii) your interactions with Endowus or any Endowus products or services that lead to or leading up to your report.
- You have not disclosed and will not disclose to any third party any information related to your report, the vulnerabilities and/or errors reported, nor the fact that any vulnerabilities and/or errors have been reported to Endowus.
- You agree that you are making your report without any expectation or requirement of reward or other benefit, financial or otherwise, for making such report, and without any expectation or requirement that the vulnerabilities and/or errors reported are or will be corrected by Endowus.
LEGAL SAFE HARBOR
To encourage research and responsible disclosure of security vulnerabilities and errors, Endowus shall not take any legal actions against you in relation to any research, report or identification of vulnerabilities or errors in Endowus’ platform, products or services as long as such research, report or identification has been made in good faith and adherence to our vulnerability disclosure policy set out on this page. Endowus shall endeavour to acknowledge receipt of all submitted reports within seven business days.
Please note that Endowus shall not:
LEGAL SAFE HARBOR
To encourage research and responsible disclosure of security vulnerabilities and errors, Endowus shall not take any legal actions against you in relation to any research, report or identification of vulnerabilities or errors in Endowus’ platform, products or services as long as such research, report or identification has been made in good faith and adherence to our vulnerability disclosure policy set out on this page. Endowus shall endeavour to acknowledge receipt of all submitted reports within seven business days.
Please note that Endowus shall not:
- Defend, indemnify, or otherwise protect you from any third party legal action that may arise if your research or report involves the networks, systems, information, applications, products, or services of such third party (which is not Endowus)
- Be obliged to consult you for any media or public statement that we may decide to publish or release in relation to any reported error or vulnerability
If you submit a vulnerability report to us which affects a third party service or product, we may share the relevant content from your report with an affected third party, but only after notifying you that we intend to do so and getting the third party's written commitment that they will not pursue legal action against you based on your report. We will not share your identifying information with any affected third party without first getting your written permission to do so.
If you submit a vulnerability report to us which affects a third party service or product, we may share the relevant content from your report with an affected third party, but only after notifying you that we intend to do so and getting the third party's written commitment that they will not pursue legal action against you based on your report. We will not share your identifying information with any affected third party without first getting your written permission to do so.