Responsible Disclosure Policy
Data security is a top priority for Arvo. The following outlines our policy for reporting vulnerabilities.
- If you believe you’ve discovered a potential vulnerability, please immediately email us at [email protected]. We will acknowledge your email promptly and respond with requests for evidence/necessary follow-up as soon as we are able to assess the vulnerability. Should the issue pose what Arvo Tech deems as a security risk, we may, at that time, provide an estimated timeframe for remediation.
- Public knowledge of a vulnerability has the potential to invite attacks on our services. Please provide Arvo Tech a reasonable amount of time to resolve any issue and refrain from disclosing it to the public or a third party unless working under the direct supervision of Arvo Tech, LLC.
- Make good-faith efforts to avoid violating privacy, destroying data, or interrupting/otherwise degrading Arvo Tech services. Only interact with accounts you own or for which you have explicit permission from the account holder.
Under no circumstances are you to investigate potential vulnerabilities in any way that can potentially compromise the integrity of the system as a whole unless under the direct supervision of Arvo Tech. Such investigation methods include, but are not limited to:
- Distributed Denial of Service (DDoS)
- Social engineering or phishing of Arvo Tech employees or contractors
- Any attacks against Arvo Tech’s physical property or data centers
Any party – including employees of Arvo Tech – who violate this policy may face legal or disciplinary consequences in proportion to their violation. Any legal or disciplinary action taken will be at the sole discretion of Arvo Tech.
Arvo Tech, LLC. is solely responsible for maintaining the security of its systems. All questions, concerns, or vulnerability reports must be directed to Arvo Tech, LLC. by emailing [email protected].
Last Updated: August 2022