Policy for responsible disclosure of security vulnerabilities in One Click Actions
Last update: November 6, 2024
The security of our platform and the protection of our customers’ data are a top priority for One Click Actions. We recognize that the discovery and reporting of security vulnerabilities by the security community is a valuable asset and welcome responsible disclosure. This policy provides a structured framework for reporting and addressing security vulnerabilities to improve the security of our platform.
1. Aim of the policy
This policy is intended to improve the security of our systems by providing a clear and respectful way for external security researchers and users to report vulnerabilities. Responsible disclosure allows us to address vulnerabilities quickly and efficiently before they can potentially be exploited.
2. Area of application
This policy applies to all systems, services and domains owned or operated by One Click Actions. It is aimed at external security researchers and our user community who discover vulnerabilities in our systems and wish to report them to us securely.
3. Responsible disclosure
One Click Actions encourages all researchers and users to report vulnerabilities responsibly and not to disclose them without authorization. Responsible disclosure means:
- Immediate reporting: As soon as a vulnerability is identified, it should be reported directly to us without third parties finding out about it.
- Non-abuse: Security gaps may not be exploited and no further attempts may be made to access our systems or make changes.
- Maintain confidentiality: The discovered vulnerability should not be published until we have completely fixed it and authorize the release of the information.
4. Reporting procedure for security vulnerabilities
To report a security vulnerability, please follow these steps:
- Send a report to our security team: The report can be sent by e-mail to security@oneclickactions.com.
- Create a detailed report: The report should include the following:
  - A description of the vulnerability with all relevant details.
  - Steps to reproduce the vulnerability, including any screenshots, code samples or video recordings.
  - Information on the affected component, whether website, API or other service.
- Confirmation and feedback: Upon receipt of your report, we will acknowledge receipt within 3 business days and request additional information if necessary. Our security team will assess the severity of the vulnerability and plan the necessary steps to rectify it.
5. Responsible behavior during security investigations
We ask all researchers to observe the following points during security investigations:
- No data modification: To protect the privacy and security of all users, our data and our users’ data may not be deleted, modified or made accessible.
- No denial of service (DoS): Tests that overload systems or disrupt regular operations are not permitted.
- Authorized areas only: Do not perform tests on systems that are not expressly authorized for testing.
6. Encouragement and recognition for responsible reporting
One Click Actions appreciates the support of the security community. We publicly recognize and acknowledge the contributions of security researchers as follows:
- Public recognition: If you responsibly report a vulnerability, you can, with your permission, be listed on our “Honor Roll” page as a recognized security researcher.
- Confirmation of the report: We will issue you with an official letter of thanks or certificate documenting your commitment to the security of our platform.
Please note that this program does not provide any financial compensation or reward for reporting security vulnerabilities.
7. Disclaimer and legal aspects
One Click Actions will not take legal action against researchers who adhere to this policy and report vulnerabilities responsibly. However, we reserve the right to take action against individuals who:
- Exploit security vulnerabilities or modify data without authorization.
- Publish sensitive information without consent and responsible communication.
By participating in Responsible Disclosure, you acknowledge that you have read these terms and agree to abide by all rules described.
One Click Actions thanks you for your commitment to improving the security of our platform. We look forward to a positive collaboration and a common goal of protecting our systems and our users’ data.