Responsible Disclosure Policy
At GoBright, your trust means everything to us. That’s why the security of our systems—and the protection of your data—is one of our top priorities. Despite our best efforts, vulnerabilities can still occur. If you’ve discovered one, we’d really appreciate your help in resolving it.
Here’s how you can help:
- Let us know what you’ve found by emailing [email protected].
- Please use our PGP key to encrypt your message—this helps to keep sensitive information secure.
- Do not exploit the issue: avoid downloading more data than necessary, or altering or deleting anything.
- Keep the discovery confidential until we’ve addressed it together.
- Please don’t use physical attacks, social engineering, DDoS, spam, or abuse of third-party applications.
- Include enough detail for us to reproduce the problem. A URL or IP address and a clear description usually do the trick.
What you can expect from us:
- We’ll respond within 3 working days with an initial update and estimated resolution time.
- In regard to the report if you follow the guidelines above, we won’t take legal action.
- We’ll treat your report with strict confidentiality—we won’t share your personal details without your permission.
- You’ll be kept informed as we work on the fix.
- We’re happy to credit you as the discoverer (or keep you anonymous, if you prefer).
- As a thank you, we offer rewards for previously unknown security issues. The amount depends on the severity and the quality of your report, with a minimum reward of a €50 gift card.
We’re committed to resolving issues as quickly as possible—and we’d love to work with you on a responsible public disclosure once everything is resolved.
Thanks for helping to keep GoBright secure.