Responsible Disclosure

We ask that you:

• Email your findings to responsible-disclosure@previder.nl or contact our security officer by phone;
• Do not abuse the problem by, for example, downloading more data than necessary to demonstrate the leak or accessing, deleting or modifying third-party data;
• Not to share the problem with others until it is fixed and to delete all confidential data obtained through the leak immediately after the leak is fixed;
• Not to use physical security attacks, social engineering, distributed denial of service, spam or third-party applications;
• To provide sufficient information to reproduce the problem so that we can fix it as soon as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more may be required for more complex vulnerabilities.

What we promise:

• We will respond to your report within 3 days with our assessment of the report and an expected date for resolution;
• If you have complied with the above conditions, we will not take any legal action against you regarding the report;
• We will treat your report confidentially and will not share your personal information with third parties without your consent unless necessary to comply with a legal obligation. Reporting under a pseudonym is possible;
• We will keep you informed of the progress in resolving the problem;
• In notifying you of the reported problem, we will, if you wish, include your name as the discoverer.
• We aim to resolve all problems as quickly as possible and we will be happy to be involved in any publication about the problem after it has been resolved.