At Elvie, we consider the security of our customers and systems a top priority. If you believe you have found a security vulnerability in any of our products or services, please submit your report to us in accordance with this Policy. We appreciate your help in maintaining the safety and security of our customers and our systems.
Reporting
If you discover a vulnerability in our products or services, please send us your findings by email to security@elvie.com.
Please include all relevant available information to allow us to reproduce the issue so that we can test it.
What we will do
We will respond to your report within 5 business days and aim to triage your report within 10 business days. We will aim to keep you informed of our progress in addressing the issue. We will notify you when the reported vulnerability is resolved.
Once your vulnerability has been resolved, we would like to play an active role in the ultimate publication on the issue. We will give your name as the discoverer of the issue in any public information concerning the issue reported (unless you desire otherwise). We will not pass on your personal details to third parties without your permission.
What you shouldn't do:
Don't take advantage of the vulnerability or problem you have discovered.
Don't do anything more than is necessary to demonstrate the vulnerability, e.g. don't download more data than necessary or delete or modify data that is not your own.
Don't reveal the problem to others until we have confirmed that it is resolved.
Don't use attacks on physical security.
Don't use social engineering on our customers or staff, either by voice, phishing emails or other means.
Don't use denial of service attacks, or levels of requests that could result in denial of service.
Don't use third party applications, scanners or any means of large automated exploitation, including botnets or other tools that generate a significant volume of traffic.
Security Researches
We recognise the valuable role that independent security researchers play. If you are a
researcher and are interested in helping us, please review this Policy before you test and/or report a vulnerability. If you have followed these guidelines, we will not seek any legal action against you in regard to any report you make to us.