At Delio, we consider the security of our systems a top priority. However, no technology is perfect and Delio believes that working with skilled security researchers across the globe is very important in identifying weaknesses in any technology. If you believe you’ve found a security issue in our product or service, we appreciate your help in disclosing it to us in a responsible manner. We welcome working with you to resolve the issue promptly.
Delio will engage with security researchers when vulnerabilities are reported to us as described here. We will validate, respond, and fix vulnerabilities in support of our commitment to security and privacy. We won’t take legal action against, suspend, or terminate access to the Service of those who discover and report security vulnerabilities responsibly. Delio reserves all of its legal rights in the event of any non-compliance.
As thanks for your help, we offer a reward for every report of a security problem that is not known to us. We determine the value of the reward on the basis of the seriousness of the breach and the quality of the report.
Share the details of any suspected vulnerabilities with the Delio Security Team by filing a report. Please do not publicly disclose these details outside of this process without explicit permission. In reporting any suspected vulnerabilities, please include the following information:
Reports that carry an acceptable risk but demonstrate a valid security-related behavior will be closed as informative. Submissions that don’t present a security risk, are false positives, or are out of scope will be closed as N/A.
Identical reports will be marked as “Duplicate[s]” of the original submission; the original report can be marked as (but not limited) to “Triaged”, “N/A”, or “Informative.”
While we currently do not have a formal vulnerability reporting system in place at this time, please reach out to firstname.lastname@example.org to report any critical issues you may discover. Please encrypt any sensitive data with our PGP key.
In no event are you permitted to access, download or modify data residing in any other Account, or one that is not registered to you. While researching, we’d like to ask you to refrain from:
We ask that you do not share or publicise an unresolved vulnerability with/to third parties. If you responsibly submit a vulnerability report, the Delio security team and associated development organizations will use reasonable efforts to:
As a token of our gratitude for your assistance, we offer a reward for every report of a security problem that was not yet known to us. The amount of the reward will be determined based on the severity of the leak and the quality of the report.