Responsible Disclosure Policy
GoodUp Responsible Disclosure Policy
At GoodUp, we prioritise the security and privacy of our platform and customers. If you’ve discovered a security vulnerability in any of our systems, we appreciate your responsible disclosure and are committed to addressing it promptly.
Reporting a Vulnerability:
- Please submit any security vulnerability reports via email to support@goodup.com.
- Include a detailed description of the issue, steps to reproduce, and any relevant documentation or evidence (e.g., screenshots, proof of concept).
- Do not publicly disclose the vulnerability before we’ve had a chance to address it.
What We Expect from You:
- Avoid accessing, modifying, or destroying any data other than your own.
- Refrain from performing actions that could disrupt our services (e.g., Denial of Service).
- Act in good faith to avoid privacy violations, system disruption, or unauthorised access to sensitive data.
- Do not exploit the vulnerability or use it beyond demonstrating the issue to GoodUp.
Our Commitment:
- We will acknowledge your report within 5 business days and provide a timely assessment and response.
- We will keep you updated on our progress in addressing the vulnerability.
- We will not take legal action against those who report vulnerabilities in compliance with this policy.
- If appropriate, we may publicly acknowledge your contribution and provide recognition.
Coordinated Disclosure:
- We request that you give us a reasonable timeframe to investigate and mitigate the issue before making any public disclosure. We aim to resolve critical vulnerabilities within 90 days.