Responsible Disclosure

Welcome to JUMO’s Responsible Disclosure Policy

We encourage the global security community to support us in building a resilient, trustworthy technology stack. We ask that anyone looking for anomalies or vulnerabilities in our services follow the principles as outlined below.

Guidelines for Responsible Disclosure

We ask that all tinkerers:

• Avoid degrading the experience of our users, or disrupting any of our production systems.
• Avoid disclosing, tampering with, or destroying any data.
• Keep information about the vulnerability you have discovered confidential until we have had enough time to remediate it.
• Not use social engineering, physical attacks, or DDoS to probe our systems, or people.
• Send us your findings as soon as you can to responsibledisclosure@jumo.world.
• Share detailed information with us, this helps us to confirm your finding and get working on a fix as fast as possible.
• Avoid breaking any applicable laws.

We will strive to:

• Respond to you within five business days, with our evaluation of your finding.
• Handle your report, and personal information confidentially and not share it with any third parties without your permission.
• In communication about the reported vulnerability we can state your name as the discoverer if you would like that.
• Not pursue or support any legal action related to your disclosure.