Responsible Disclosure Policy

Effective Date: January 15, 2025

At Partner-Up Inc., the security and privacy of our users and their data are of utmost importance. We are committed to safeguarding our platform and ensuring the Creator Marketing Platform remains a secure environment for businesses and brands to connect with content creators.

This Responsible Disclosure Policy outlines the guidelines for reporting security vulnerabilities in a safe and constructive manner.

1. Purpose

We recognize that despite our best efforts, vulnerabilities may still exist. This policy encourages ethical security researchers and users to report vulnerabilities, helping us improve our platform's security posture while protecting sensitive user data.

2. Scope

This policy applies to all digital assets owned and operated by Partner-Up Inc., including:

  • Partner-Up Creator Marketing Platform
  • Company Website (partner-up.net)
  • Any related web applications and APIs

3. What to Report

We encourage you to report:

  • Security vulnerabilities that could compromise user data (e.g., XSS, CSRF, SQL Injection).
  • Authentication or authorization flaws.
  • Exposed sensitive information.
  • Application logic errors that could be exploited.
  • Misconfigurations in cloud services or databases.

Out of Scope:

  • Social engineering attacks.
  • Physical security vulnerabilities.
  • Distributed Denial of Service (DDoS) vulnerabilities.
  • Spam and phishing attempts.

4. How to Report a Vulnerability

To report a vulnerability, please follow these guidelines:

  • Email us at: info@partner-up.net
  • Provide a detailed description of the issue, including steps to reproduce it.
  • Include any screenshots, proof of concept (PoC) code, or affected URLs.
  • Allow us a reasonable timeframe (typically 30 days) to investigate and address the issue before publicly disclosing it.

5. Our Commitment

  • We will acknowledge receipt of your report within 5 business days.
  • We will keep you informed of our progress and let you know when the issue has been resolved.
  • We may recognize significant contributions publicly (with your consent) as part of our Security Hall of Fame.

6. Safe Harbor

We will not initiate legal action against individuals who:

  • Act in good faith to report vulnerabilities.
  • Do not exploit, share, or publicly disclose vulnerabilities before we address them.
  • Make every effort to avoid privacy violations, service disruption, and data deletion during testing.

7. Third-Party Services

Our platform integrates with third-party services such as Stripe for payment processing. Vulnerabilities in those services should be reported directly to the third party.

8. Recognition

While we do not offer monetary rewards at this time, we are grateful for contributions that help secure our platform.