shield Responsible Disclosure

Responsible Disclosure

The security of our systems and our clients' data is a priority. If you have found a vulnerability, we want to know about it.

mail

How to Report a Vulnerability

If you believe you have found a security vulnerability in our systems, we ask you to responsibly disclose it by sending an email to:

lock security@easydatahost.com

Please include in your report:

  • check_circle Detailed description of the vulnerability.
  • check_circle Steps to reproduce the issue (proof of concept).
  • check_circle Potential impact you believe it has.
  • check_circle Your contact information so we can communicate with you.

Scope

Systems and services covered by this responsible disclosure policy.

check_circle

In Scope

  • check easydatahost.com website
  • check Client panel and management area
  • check Public APIs of our services
  • check Own network infrastructure (AS205081)
  • check S3 storage services
block

Out of Scope

  • close Denial of service attacks (DoS/DDoS)
  • close Social engineering or phishing against employees
  • close Spam or contact form abuse
  • close Physical attacks on facilities
  • close Third-party systems hosted on our infrastructure

Rules of Engagement

To ensure the process is safe and beneficial for everyone, we ask you to follow these guidelines.

privacy_tip

Do not access other users' data. If you discover you can access third-party information, stop immediately and report it.

do_not_disturb

Do not perform destructive actions. Do not modify or delete data, do not disrupt services or degrade system performance.

timer

Give us reasonable time. Do not publicly disclose the vulnerability until we have had the opportunity to fix it (minimum 90 days).

handshake

Act in good faith. Use only the minimum actions necessary to demonstrate the vulnerability.

gavel

Comply with the law. Your research must comply with applicable legislation. We commit to not taking legal action against researchers who act in good faith and follow these rules.

What to Expect

Our commitment to security researchers.

mark_email_read

Acknowledgment of Receipt

48h

We will confirm receipt of your report within a maximum of 48 business hours.

search

Assessment

7 days

We will evaluate the vulnerability and communicate our initial assessment.

build

Resolution

90 days

We will work to resolve the vulnerability and keep you informed of progress.

emoji_events

Recognition

Although we currently do not offer monetary rewards, we greatly value the contribution of security researchers. If you wish, we will include your name (or alias) in our public acknowledgment as recognition of your work.

We commit to working with you transparently, keeping you informed of the status of the fix, and giving you credit for your discovery once resolved.

Related Resources

policy

Security Policy

Organizational and technological framework compliant with the ENS.

 description

security.txt

Standard RFC 9116 file with contact information.

 verified

Compliance

Certifications and regulatory compliance.

Found Something?

Contact us confidentially at security@easydatahost.com.

lock Report Vulnerability support_agent General Contact