Responsible Disclosure Policy

At mintBlue, the security of our systems and data is a priority. We welcome responsible disclosure of security vulnerabilities by security researchers and members of the public. If you believe you have found a vulnerability, we encourage you to report it to us promptly so we can take appropriate action.

Please send your findings to security@mintblue.com. Include enough information to reproduce the issue, such as the IP address or URL where the vulnerability was found, along with a clear description of the problem.

Please provide your name, email address, and/or phone number so we can contact you. Pseudonymous reporting is acceptable. By submitting a report, you confirm that you have read and agree to comply with this policy.

When reporting a vulnerability, you must report it promptly and provide sufficient detail for reproduction. You must leave contact information and agree to follow this policy.

You must not publicly disclose the vulnerability before mintBlue has had the opportunity to fix it. You must not exploit vulnerabilities beyond what is strictly necessary to demonstrate the issue. You must not copy, delete, or modify data beyond what is necessary.

You must not place malware or make unauthorised changes to systems. You must not use automated scanning tools, brute force attacks, denial-of-service attacks, or social engineering techniques. You must not perform any actions that impact the availability or performance of our systems. You must not retain any data obtained during the disclosure process after reporting.

The security of our information and systems matters to us. We value the partnership of security researchers who help us identify and address vulnerabilities through responsible disclosure. We will acknowledge receipt of your report, keep you informed of our progress, and will not take legal action against researchers who comply with this policy.