Clarus R+D Responsible Disclosure Policy

Data security is a top priority for Clarus R+D, and Clarus R+D believes that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability, please notify us. We will work with you to resolve the issue promptly.

DISCLOSURE POLICY

• If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at compliance@clarusrd.com. We will acknowledge your email within five business days.
• Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within ten business days of disclosure.
• Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Clarus R+D service. Please only interact with accounts you own or for which you have explicit permission from the account holder.

EXCLUSIONS
While researching, we’d like you to refrain from:

• Distributed Denial of Service (DDoS)
• Spamming
• Social engineering or phishing of Clarus R+D employees or contractors
• Any attacks against Clarus R+D’s physical property or data centers
• Thank you for helping to keep Clarus R+D and our users safe.

CHANGES
We may revise these guidelines from time to time. The most current version of the guidelines will be available at https://clarusrd.com/disclosure.

CONTACT
Clarus R+D is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at compliance@clarusrd.com.

DISCIPLINARY ACTION
Employees who violate this policy may face disciplinary consequences in proportion to their violation. Clarus R+D management will determine how serious an employee’s offense is and take the appropriate action.

RESPONSIBILITY
It is the CTO’s responsibility to see this policy is enforced.
Last updated: 11/06/2020