We have built Treebo from the ground up with security as our top priority. Even so, we believe that all technology contains bugs and the public plays a crucial role in identifying these bugs. If you believe you have found a security bug in our systems, we will gladly work with you to resolve the issue and ensure you are recognized for discovering the bug.
Treebo will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate, respond to and fix reported vulnerabilities in accordance with our commitment to security and privacy. We would not take legal action against or suspend or terminate access to the Services for those who discover and report security vulnerabilities. Treebo reserves all of its legal rights in the event of any noncompliance to the Responsible Disclosure Policy.
Things we do not want to receive
The details of any suspected vulnerabilities should be shared with the Treebo Security Team by sending an email to firstname.lastname@example.org. Please do not publicly disclose these details without obtaining an express written consent from Treebo. In reporting any suspected vulnerabilities, please include the following information:
If you identify a verified security vulnerability in compliance with this Responsible Disclosure Policy, Treebo commits to:
Requests for monetary compensation in connection with any identified or alleged vulnerability will be deemed non-compliant with this Responsible Disclosure Policy.