Responsible Disclosure
procedures around privacy and security
1. Introduction
At Minddistrict, we take the security and privacy of our users seriously. We recognize the important role that security researchers and the broader community play in identifying vulnerabilities in our systems. If you have discovered a security vulnerability in our platform, products or on our website, we appreciate your help in disclosing it responsibly.
2. Reporting a vulnerability
If you believe you have found a security vulnerability, please report it to us by following these steps:
- Contact information: Send an email to compliance@minddistrict.com. If you believe the report contains sensitive information and wish to encrypt it, please use our PGP key to encrypt your report;
- Description: Provide a detailed description of the vulnerability, including the affected systems, services, or applications;
- Exact time and date: Note the exact date and time that you discovered the vulnerability;
- Steps to reproduce: Give clear steps to reproduce the issue, including any relevant URLs, screenshots, or code snippets;
- Impact: Provide an explanation of the potential impact if the vulnerability were to be exploited.
3. Rules of engagement
To protect the privacy and data of our users, please adhere to the following guidelines when researching and reporting vulnerabilities:
- Do not access data: Avoid accessing or modifying data that is not your own. If you encounter such data during your research, stop immediately and report the issue;
- Do not disrupt services: Avoid any actions that could lead to a disruption of services for our users, such as DoS attacks;
- Confidentiality: Do not publicly disclose the vulnerability until we have had the opportunity to investigate and address it. We will work with you to coordinate a responsible disclosure timeline;
- Identifying security issues: This disclosure policy is intended to identify and resolve security issues. However, it is not an invitation to extensively test our network to find vulnerabilities.
4. Our commitment
When you submit a vulnerability report to us:
- Acknowledgment: We will acknowledge receipt of your report within five business days;
- Initial assessment: We will conduct a preliminary assessment to understand the nature and impact of the reported vulnerability;
- Communication: We may contact you for further information or clarification to assist in our investigation;
- Resolution: Once the vulnerability has been confirmed, we will work to resolve it as quickly as possible. We will keep you informed of our progress.
5. Recognition
Minddistrict values the efforts of security researchers and may offer recognition in the form of a gift card, depending on the severity of the vulnerability and the quality of the report. Please note that we will inform you as soon as possible, after the investigation, if the reported vulnerability is unique and was not previously identified by ourselves or another researcher.
We continuously monitor our internet-exposed applications and products to identify issues and misconfigurations. We kindly ask you to avoid reporting items such as weak configurations of the TLS protocol, non-compliance with best practices (such as TLS misconfigurations) and any output of well-known automated tools/solutions. Such reports will probably never result in any kind of recognition.
6. Final note
We greatly appreciate your efforts to help us maintain the security and integrity of our platform and products. By following this Responsible Disclosure Procedure, you help ensure that potential vulnerabilities are addressed efficiently and with minimal risk to our users.
If you have any questions about this procedure, please contact us at compliance@minddistrict.com.