Contact: mailto:security@arktide.com
Preferred-Languages: en
Canonical: https://arktide.com/.well-known/security.txt

At Arktide, we strive to ensure that security is never treated as an afterthought.
At present, we do not have a bug bounty / VDP in place, however if you discover a vulnerability, we would like to know about it so that we can protect our customers and systems as soon as possible.

Out of scope vulnerabilities:
- Vulnerabilities from automated scanners without additional analysis
- Vulnerabilities relying on out-of-date browsers/software
- SPF, DKIM, and DMARC records and flags
- Missing security-related HTTP headers not directly leading to a vulnerability, including but not limited to X-Xss-Protection, X-Content-Type-Options, Content-Security-Policy-Report-Only, etc.
- Denial of Service / Distributed Denial of Service attacks
- Bugs without a security impact
- Social engineering (e.g. phishing, vishing, smishing) attacks
- Attacks requiring MITM or physical access to a user's device.

Testing guidelines:
- Do not maliciously exploit vulnerabilities.
- Do not access, collect, use, modify, store, copy, disclose, or process any personal information. Personal information is any information that allows an individual to be identified, such as a name, username, email address, or chat logs.
- Do not share your findings publicly until we have researched, addressed and informed our affected customers.