Buddy aims to keep its Service (Buddy) safe for everyone, and data security is of utmost priority. If you are a security researcher and have discovered a security vulnerability in the Service, we appreciate your help in disclosing it to us in a responsible manner. Buddy will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate, respond and fix vulnerabilities in accordance with our commitment to security and privacy. We won’t take legal action against or suspend or terminate access to the Service of those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. Buddy reserves all of its legal rights in the event of any noncompliance. Capitalized terms used in this Responsible Disclosure Policy and not otherwise defined have the meaning ascribed to such terms in our Terms of Service.
You may test only against an Account for which you are the Account Owner. In no event are you permitted to access, download or modify data residing in any other Account or that does not belong to you, or attempt to do any of the foregoing. You are also prohibited from:
Share the details of any suspected vulnerabilities with the Buddy Security Team by sending an email to firstname.lastname@example.org. Sending an email to any other address will void your ability to receive a reward. If you do not receive a reply within two business days, it means your report was not accepted. Please do not publicly disclose these details without express written consent from Buddy. In reporting any suspected vulnerabilities, please include the following information:
Requests for monetary compensation in connection with any identified or alleged vulnerability will be deemed noncompliant with this Responsible Disclosure Policy. If you identify a verified security vulnerability in compliance with this Responsible Disclosure Policy, Buddy commits to: