Responsible Disclosure

Working on a better product.

At Gynzy, we consider the security of our infrastructure extremely important. Despite our efforts for effective security, a weak spot or vulnerability is possible. If you have found a vulnerability, please let us know straightaway so we can take appropriate measures as quickly as possible.

Vulnerabilities can be discovered in two ways:

  1. Coincidently as part of the regular use of the digital environment

  2. Intentionally by looking for a security vulnerability (NOT with the obvious automated tools, we run all of them ourselves). Please always do this in a responsible way.

We ask you to

  • email your findings as soon as possible to security@gynzy.com

  • not to abuse the problem by, for example, downloading, copying and / or sharing the data (other than what is necessary to demonstrate the leak to Gynzy) nor to view, delete or modify data from other third parties;

  • not share the problem and/or data with others and confirm that you will promptly delete any data which may have been obtained through the leak;

  • not to use hacking tools that adversely affect the availability of our systems such as SPAM or DDOS tools;

  • provide sufficient information to reproduce the problem to ensure we can resolve it as quickly as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more complex vulnerabilities may require more.

We promise

  • we will respond to your report within 5 days with our assessment of the report if the report was not generated by widely available automated scanners;

  • if you have adhered to the above conditions, we will not take legal action against you regarding the report;

  • we will treat your report confidentially and will not share your personal information with third parties without your permission unless this is necessary to comply with a legal obligation. Reporting under a pseudonym is possible;

  • as a thank you for your help, we will offer a reward for every report of an unknown security issue. We will determine the size of the reward on the basis of the severity of the leak and the quality of the report in the form of a gift certificate / voucher from an appropriate party of choice.

We strive to resolve all issues as quickly as possible