Moeco IoT, Inc.
Responsible disclosure policy

Last update: August 11, 2023

At Moeco, we take the security of our products and the protection of our customers’ data very seriously. We appreciate the work of security researchers in helping us identify and address vulnerabilities. We encourage responsible disclosure of any potential security issues you may discover.

Reporting Vulnerabilities

If you believe you have discovered a vulnerability or any other security issue in any of Moeco’s products or services, we request that you disclose it to us privately and responsibly by following the guidelines outlined in this policy.

Guidelines for Responsible Disclosure

To ensure that your findings are handled appropriately and addressed in a timely manner, we kindly ask you to adhere to the following guidelines:

  • Do not publicly disclose the vulnerability: Please refrain from publicly disclosing the vulnerability until we have had an opportunity to review and address it. We appreciate your patience while we work together to mitigate any potential risks.
  • Share the details with us: Please provide us with detailed information about the vulnerability, including steps to reproduce it, potential impact, and any supporting evidence you may have.
  • Contact us directly: To report a vulnerability, please send an email to support@moeco.io.
  • Allow us reasonable time to respond: After receiving your report, we will make every effort to acknowledge receipt of your message within 48 hours. We aim to provide an initial assessment of the report within 10 business days of acknowledgment.
  • Maintain confidentiality: We request that you keep all communications and findings confidential until we have resolved the vulnerability and any related issues.
  • Act in good faith: We ask that you refrain from attempting to access, modify, or destroy data residing in our systems. Instead, focus on identifying and reporting potential security vulnerabilities.
  • Comply with applicable laws: Ensure that your activities comply with all applicable laws and regulations.

Our Commitment

Moeco is committed to addressing all reported vulnerabilities in a timely manner. We will thoroughly investigate each report and take appropriate action to fix the issue. Our team will keep you informed about the progress and any steps taken to resolve the reported vulnerability.

Recognition

We appreciate your contribution to the security of our systems. If you wish to be acknowledged for your responsible disclosure, please let us know in your initial report. We will be happy to publicly recognize your efforts, subject to your approval.

Legal Protection

Moeco commits to not pursue legal action against researchers who adhere to this responsible disclosure policy. We consider your research activities conducted in good faith and in accordance with this policy as exempt from any legal action.

Compensation Notice

At present, Moeco IoT, Inc. does not have a bug bounty program in place, and unfortunately, we are unable to provide financial rewards for disclosed vulnerabilities. We deeply value your contributions to enhancing the security of our systems and appreciate your understanding. Your commitment to responsible disclosure, even in the absence of a financial incentive, is pivotal in maintaining the trust and safety of our user community.

Thank you for your understanding and efforts in ensuring Moeco’s products remain secure.

Last update: August 2023.