Responsible Disclosure Policy

Shieldfy aims to keep its Service safe for everyone, and data security is of utmost priority. If you are a security researcher and have discovered a security vulnerability in the Service, we appreciate your help in disclosing it to us in a responsible manner. Shieldfy will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate, respond and fix vulnerabilities in accordance with our commitment to security and privacy. We won’t take legal action against or suspend or terminate access to the Service of those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. Shieldfy reserves all of its legal rights in the event of any noncompliance.

Testing

You may test only against an Account for which you are the Account Owner. In no event are you permitted to access, download or modify data residing in any other Account or that does not belong to you, or attempt to do any of the foregoing. Scope:-

• All domains and subdomains owned by Shieldfy inc. https://*.shieldfy.* that points to Shieldfy services not outside 3rd party services.

You are also prohibited from:

• Executing or attempting to execute any “Denial of Service” attack
• Bruteforcing attack on anykind
• knowingly posting transmitting, uploading, linking to, sending or storing any malicious Software
• Testing that leads to unsolicited or unauthorized junk mail or spam
• Testing in a manner that would degrade the operation of the Service
• Doing or attempting to do any type of social engineering on Shieldfy employees or Shieldfy customers

Reporting

Share the details of any suspected vulnerabilities with the Shieldfy Security Team by sending an email to security@shieldfy.io. Sending an email to any other address is strictly prohibted.
please include the following information on your report :--

• Vulnerability details with information to allow us to efficiently reproduce your steps
• Screenshots, videos, files or any other POC.
• Your name, email address, twitter handler as it should be displayed on thanks list if you would like it to be

Please use PGP to encrypt your report.

-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBF26sGIBEAC6zwBtC8QOkFNWydCWXKVHV7Fuxwwt76Ff3RKX6Ei0usiLeIKS wRZExjTGXeMPNzNCsncE0ZLldMZ1jXC24NpUthbozjS21j+eUSWGUaqSurfo7jWC Mr/nriHaBkyGFxmRFDekVTOaJnyP8HJT6tPSQfBgqXY5yLXw9JrNx3uKXmz/NwOl jN1kBz06/PGu8wXNCB/Fz9DLRRsLmUmkRLussh5n0q+aD2Th18qDe6cBjvi5pRGN 2CzQsm+BWV8IbBCR83tkYoCr9Mgy7+X7sx2NWZdVych8axOUr676mRqBtJjABw+V AI+RKnISH2uv3/Igqn0el2EDWph+jw79R9faB+gTYECkOnRgMMIE/UIfTfL2zD5H 6GW1iU0M3S2V5d9jlLdxATeBkdVzGftLBs5zw4S+U+5n7YZ96B86jKZBUk4Fshlo Rr57b64p29Zpx79dpVYdOnrqFlWj+XfLO76SKdW1JX9YVAk8ZFwONDBPZQWnswxd RNgS08yK/mjECnIzZzKaOOwfXs6qivLTIVc/Jgw+I8Kxe8pQ/ZKw/c0Il2FD32G2 +/Drcbu2N4f5vdQn/2lYxQ1z0Om6ULTMXHvIsyMeda2ffn+y/cQplWcnzr1AjSkx 1SJyQBgyETshBdWomMwoCiBZguVkmzb8dFGssYwTL6T+z/nocOFrlPwqWwARAQAB tCBlc2xhbSBzYWxlbSA8ZXNsYW1Ac2hpZWxkZnkuY29tPokCVAQTAQgAPhYhBMJe gIBK8pCmExR/GOz1xwjGb2tyBQJdurBiAhsDBQkHhh+ABQsJCAcCBhUKCQgLAgQW AgMBAh4BAheAAAoJEOz1xwjGb2tyMuQP/0VtLz3nwnjsBzkG0wu+HWM95gHkftpE RXeHu8pZtkQlQIwk2p1g/vj2OaG4WwagsDe8ia6jWf3dBvNiyGKWC1oCzSbBj6KK 2RWc+V1mPBgFfqdTdlclez7s7rxaHbi4MChua3ygbssgmd7tn1kSWs8tMPVtqnfm 0R20iQ0AvY5zC1x/SX4o/2wIEVoeA/dKZWTprNFEEFdVEQU9nhIhqj5rk/DGuzuY PxPbdLDWoAqT3BWvjW3JnZ30Gt5XQ50YjqoOZxjvuLZ0jp50/m7htNS8Lff8cRhy jvWkuQo7casmc+N2vvHEv/QeLcSshn30pI1bvaWGYs6ui3GJ9aRFmHt6Lonl6uIs bCM9K9fsxHgkSiCuRBG4jAKsIBakYZxvzFFFEkVbup4nmJzNKtxfUstYDjxx2Cw3 ly90UbBuXpkCUtLkAn4PmbOmKNWG+YYy9+L1zu7o1bFoWda8brLCa2b1YuqHadf8 DMqjN7pGRb20+gvgsUkV1AyJXQBM5StYbAcfEmwd3CMOlPcRNbo5oRisjMInFq8p xlpYYIH71qwWy0RRJq69pH3qGu+oQB+DPn5GgQM2pzBzYqQ7FRzkurEzSh2BDaoI K3EvtuKUEXuh3ySS4LOSP6gZpXHYRIA2K7usPaVyfstQ4LC0P5P/wJvvC+jlTcN6 NcT/yxjFzZY5uQINBF26sGIBEADEtauADUTQT+sTQKw75NQN4r1Wqkg7yHlGAbAF vQUHXtQ0CAXj2MDU71SxFoGgKNirbyDPho46kTyyidkxPR7GkrPWbaw+iqQ61+RB QI2MrkXCVR05Ampg0f2f176dPBnNp8W7g0pZdKBGlmyxrq0/mDpDGHY+p9BHOUEt gkCcxemgRssQMbBy8UtF+hNFJKPvesd8cbm+qmO7wANIwlj993r/pEpNvRSEVGzE 7uBw/0MZBJmOKEnLgcm3Loxy1csNTFeLqHzkdaL5pQH9bugFX9pZO7JgFCVuClJk mcNZWqNpnXDDK1SwnNRkzBzYbd45T9F6qs4sQFnxjIfkEOpu5jV2ucy7FUkPB/IN FXzT75l6v7zVLzQ0nHQbvloute3ddAuV7GlNZGoielcE3U6WEkM+hWEPv2W/lu/g 4YcrueLshXCs+qN9Lo/VCl8F9sWesZJgjcii/2XFPxBIbA3eLre500/2JiiUYxL0 MJTYC/Eq+00vmqO9qplbBIx17WHRE6+25vL/OhJn0jM0Ka60PyB4C0JbR7lyMrq+ fqZfl89M10fKREg3N/5T0uUtuxa+ptA83XREBRihrzQLWDEDBuj1iCfXtDmRXrt6 05aHx1AzQ8lt6Edj3mEMaVKHzYRGHrhC0YQH0CFYrgEiZbTZ4YWwrOjG7HseG+yh l/fSUQARAQABiQI8BBgBCAAmFiEEwl6AgErykKYTFH8Y7PXHCMZva3IFAl26sGIC GwwFCQeGH4AACgkQ7PXHCMZva3JarRAAj1de92v/234W4i4JaMhS0PPBt3COKb8i G3w9K3VyHuVEeIm8wJ6/mfOyDXTMzNNoW6o1AHmUCr8BgIk3XT37q/pgxN6pyPrp LEdPA+D4SVXA73M8Np9rhqUYqtyKDtvLnMXIy/G9xz7HMM1VOXb0HT00dwHDwIa7 YnXjWx4YJevpg9w+B3Da0Z9MjcFYEhclsxrdJKFABemkS0rBzza3G5UVa0yHUfBF pTULemoKqNMlFqx4xmhMvRwzIwX7TH+QlZWpDYntTu6PHd+dSK7S+jHWIbdt4ghB oIp0HqmxpUp/A3kCa2WIe/TMM4Z9NF9D+/8n9T9CIUA05GlOwiZY/Otc6yTK7ouL 0r26cvvdxB/qU25vYUqKf0hE+O1fQpIynNtzLGHdAJdtJUaiRWK1uYW+YdNskdkw VYMkBMdQKXqdTIRJzri8TFQpaDK2vGxjswmiKmFRgLCAcV4hH8rHWcJtaSDe+Tb5 IBwzuByNcH0EfW0iVecmyioskiAwIXy9paA7D6XixsiZIc9FISWjB/ilxx+FHEpg xVx8LOfOBUWpCdlldtvLxhWfKj3mlw9bf9N16gSSMUoXVVHpTbk5yBk8zmsDsQBv me0OI155gKE/xvfNVBhvW2a04+wWcnYs5Qp78LHwBGmRFiMU23I1vBH2BAsY2tgt ZpzUFiTUhzo= =AzZP -----END PGP PUBLIC KEY BLOCK-----

Public Disclosure

Please allow us the reasonable amount of time to invistigate and resolve the security issue before asking for public disclosure. Any publicly disclosure of the vulnerability without express written consent from Shieldfy inc. will be faced with legal actions.