Responsible Disclosure Policy

Updated: June 6,2023
Effective Date: June 6,2023

As Chat Breezes, we give the utmost importance to the security of our services and platforms containing our users’ data. We encourage those who have discovered potential security vulnerabilities in the Chat Breezes Platform to disclose it to us in a responsible manner through our 'bug report' program.

We will work with security researchers to validate and respond to vulnerabilities that are reported to us. If you discover a security vulnerability and report in accordance with this Responsible Disclosure Policy, we will not take legal action or terminate your account access. Herewith, Chat Breezes reserves all of its legal rights in the event of any noncompliance to the applicable laws, regulations and our Terms of Service

Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.

1.Testing for Security Vulnerabilities

You may only test against an account for which you are the account owner, or an agent authorized by the account owner to conduct such testing.

2.Chat Breezes Prohibits the Following Types of Research:

  • Accessing, or attempting to access, data that does not belong to you
  • Using social engineering techniques to gain access to a system
  • Altering or deleting any information in the system or application
  • Executing, or attempting to execute, a “denial of service attack”
  • Using brute force techniques, such as repeatedly entering passwords, to gain access to systems
  • Sending, or attempting to send, unsolicited or unauthorized email, spam or other forms of unsolicited messages
  • Testing third party websites, applications or services that integrate with Chat Breezes
  • Knowingly posting, transmitting, uploading, linking to, sending or storing any malware, viruses or similar harmful software
  • Research conducted by minors, individuals on sanctions lists or individuals in countries on sanctions lists

3.Reporting Potential Vulnerabilities

If you believe you have found a security issue/vulnerability, please share the details of any suspected vulnerabilities with Chat Breezes IT & Security Team.

  • If you are a Client or an Authorized User, please contact us through the Community Board within your Account Dashboard.
  • If you are an independent researcher/analyst, please contact us at support@chatbreezes.com.

While investigating the matter, only use methods or techniques that are compliant with the law and necessary practices in order to find or demonstrate the weaknesses, without limiting the generality of the foregoing.

Please do not publicly announce the vulnerability but get in touch with us and give us the time to examine the issue. The safety of our users’ information and assets is our top priority. Therefore, we encourage anyone who has discovered a vulnerability in our systems to act instantly and help us improve and strengthen the safety of our sites and systems.

In reporting any suspected vulnerabilities, please include the following information:

  • Exploit details with adequate information to allow us to reproduce your steps
  • A description of the issue and where it is located along with screenshots
  • Your email address

4.No Compensation

Chat Breezes does not compensate individuals or organizations for identifying potential or confirmed vulnerabilities. Requests for monetary compensation will be deemed in violation of this Responsible Disclosure Policy.

5.Chat Breezes’s Commitment

To all security researchers who follow this Responsible Disclosure Policy, Chat Breezes undertakes to:

  • Acknowledge receipt of your vulnerability report,
  • Work with you to understand and validate the issue,
  • Address the risk as deemed appropriate by the Chat Breezes team,
  • Work together to prevent cyber-crime.
  • Publicly acknowledge your responsible disclosure, if you wish

Chat Breezes will review the submission to determine if the finding is valid and has not been previously reported. Publicly disclosing the submission details of any identified or alleged vulnerability without expressed written consent from Chat Breezes will deem the submission as non-compliant with this Responsible Disclosure Policy. Chat Breezes reserves the right to change the content of this policy at any time, or to terminate the policy.

6.Many Thanks!

We appreciate your help by disclosing it to us in a responsible manner.