Vulnerability Disclosure Programme

1. Introduction and Scope

This Vulnerability Disclosure Programme (“Programme”) is designed to encourage the responsible disclosure of security vulnerabilities (“Vulnerabilities”) related to the services provided by Your FLOCK, registered as Your Flock Ltd at C/O Rjf Accounting & Business Services 10th Floor, 3 Hardman Street, Manchester, Greater Manchester, England, M3 3HF (“us”, “we”, “our”).

This Programme applies to all services and systems under the control of Your FLOCK. It does not apply to systems and services outside of our control.

2. Reporting Vulnerabilities

Individuals or organisations who believe they have discovered a Vulnerability related to our services should promptly notify us via our dedicated email address: [email protected].

The report should include detailed information about the nature of the discovered Vulnerability, including steps to reproduce the Vulnerability, screenshots, logs, scripts, or other evidence as applicable.

3. Safe Harbor Policy

We will not take legal action against or suspend or terminate the services for those who discover and report Vulnerabilities in accordance with this Programme, provided their actions do not involve unlawful activities, cause any harm to us or others, or violate our terms and conditions.

4. Response

Upon receiving a report, we will use all reasonable endeavours to:

• Acknowledge receipt of the report within five (5) business days.
• Confirm the existence of the Vulnerability, or request further information if necessary.
• Make all reasonable efforts to address the Vulnerability in an appropriate timeframe.
• Inform the reporter of the resolution.