Responsible Disclosure Policy
Spin Technology is committed to working with security researchers to verify and address any potential vulnerabilities that are reported to us in accordance with our responsible disclosure policy outlined below.
Please report any suspected or confirmed vulnerabilities related to our applications by completing the submission form on this page. When submitting the form, please include the following information:
- Date of the discovery;
- Relevant URLs or components;
- Steps to reproduce the issue;
- Your contact information (optional).
To protect the security of our customers’ data, we ask you to not share the vulnerability details publicly.
Spin Technology prohibits the following actions:
- Brute-force and DDoS attacks, and any other actions that affect the availability of our services;
- Phishing emails and other social engineering attacks;
- Unauthorized access to other users’ accounts;
- Exfiltrating, deleting, or corrupting data stored and processed by our applications;
- Violating any laws and regulations.
Spin Technology is committed to:
- Acknowledge the receipt of the report;
- Review the report in a timely manner;
- Determine a remediation plan (if necessary);
- Provide an estimated timeframe for addressing the vulnerability;
- Notify you when the vulnerability has been addressed.
Spin Technology does not issue rewards for reported vulnerabilities.