Contact: mailto:security@arktide.com

Preferred-Languages: en

Canonical: https://arktide.com/.well-known/security.txt

At Arktide, we strive to ensure that security is never treated as an afterthought. At present, we do not have a bug bounty / VDP in place, however if you discover a vulnerability, we would like to know about it so that we can protect our customers and systems as soon as possible. In some cases bounties may be awarded at the discretion of the company, and in all cases we will work with you to remediate any issues, and will assist you in publishing of your findings should you wish. Out of scope vulnerabilities:

• Vulnerabilities from automated scanners without additional analysis

• Vulnerabilities relying on out-of-date browsers/software

• SPF, DKIM, and DMARC records and flags

• Missing security-related HTTP headers not directly leading to a vulnerability, including but not limited to X-Xss-Protection, X-Content-Type-Options, Content-Security-Policy-Report-Only, etc.

• Denial of Service / Distributed Denial of Service attacks

• Bugs without a security impact

• Social engineering (e.g. phishing, vishing, smishing) attacks

• Attacks requiring MITM or physical access to a user's device.

Testing guidelines:

• Do not maliciously exploit vulnerabilities.

• Do not access, collect, use, modify, store, copy, disclose, or process any personal information. Personal information is any information that allows an individual to be identified, such as a name, username, email address, or chat logs.

• Do not share your findings publicly until we have researched, addressed and informed our affected customers.

• Please refrain from sending unnecessary amounts of automated requests - in other words, please don't hammer our APIs with multi threaded scripts going full blast.