TimeTrade takes security and privacy very seriously for our users, our products and our staff. If you have discovered a vulnerability in our products, websites or support infrastructure, we encourage your help in mitigation by disclosing it to us in a responsible manner.
TimeTrade will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Statement. A reported vulnerability will be validated, cataloged and addressed in accordance with our posted commitments to security and privacy, as well as our other internal practices.
If you are the first to report a vulnerability and include detailed information sufficient to reproduce the vulnerability in your initial report, at TimeTrade’s sole discretion, there may be rewards or other compensation available for the research effort.
TimeTrade will not take legal action against, suspend or terminate access to the platform for those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Statement. TimeTrade reserves all legal rights in the event of any noncompliance with the following guidelines:
- Do not disclose a bug or vulnerability into the public domain, without written consent from TimeTrade.
- If a vulnerability is discovered, you are not authorized to exploit the vulnerability to compromise or expose any data. Additionally, you are not authorized to access, view, modify, delete, copy, capture or share any data exposed by the vulnerability.
- Do not perform DDOS / spam attacks or degrade services in any way
- Do not use scanners or automated tools to find vulnerabilities.
- Do not install programs, scripts, malware on any TimeTrade resource, or use the resources to control or distribute the same.
- Never perform phishing, social engineering or physical attacks against our users, employees, or infrastructure.
- Do not engage in any activities that violate applicable laws.
How to Report an Issue
If you believe you have discovered a vulnerability, please contact firstname.lastname@example.org.
We request that you use the available PGP key below to secure your report to us.
In reporting vulnerabilities, please send details of:
- The suspected vulnerability and include reproduction steps that we can follow.
- A private, secure communication channel through which we can contact you such as your email address.
Our security team will investigate any details you provide promptly upon receiving a vulnerability report, however, we require a reasonable amount of time to resolve the issue.
PUBLIC PGP KEY
–––––BEGIN PGP PUBLIC KEY BLOCK–––––
Comment: User-ID: TimeTrade Responsible Disclosure <email@example.com>
Comment: Expires: 10/2/2025 12:00 PM
–––––END PGP PUBLIC KEY BLOCK–––––