Bug Bounty and Security Reporting Terms
Dated: November 12, 2019
Cronometer
is committed to keeping our service and our users secure, and we appreciate the insights of independent security researchers
that make our products safer. If you become aware of any security issues (aka bugs) in the Cronometer web-based service or
iPhone or Android apps, you can bring them to our attention at security@cronometer.com.
Keeping Data
Safe
The privacy of our customers’ data is our priority. You may test security issues against your own
user account or unique test accounts that you create, but accessing other users’ accounts or data is strictly prohibited.
Your research activity must not harm other users. Never exfiltrate or change data on our systems. If you accidentally
encounter user data, please inform us immediately. Do not conduct testing that affects the general availability of
Cronometer, such as DDOS.
Safe Harbor
As long as you follow these terms, we will consider
your research activity authorized and will not initiate legal action against you regarding that research activity under
applicable anti-hacking laws.
Rewards
Cronometer does not promise any reward in exchange for
reports of security issues. In some circumstances, and at Cronometer’s sole discretion, Cronometer may decide to provide a
reward to independent security researchers who provide us with a report of an issue that we can reproduce, that has an
impact, and that leads to system improvements. We will not negotiate rewards under duress, and consider attempts to do so to
be a violation of this policy.
Communication and Disclosure
We will make every effort to
respond to security reports within a few days, but please be patient. If you would like to conduct a coordinated disclosure,
please let us know so we can discuss. Public disclosure is not allowed until and unless Cronometer has explicitly said so.
Some security issues may not be eligible for disclosure, at our discretion.
Additional
Terms
In limited circumstances, Cronometer may require additional information or cooperation from you,
including additional terms, in connection with processing bug reports and ensuring data protection. Please be prepared to
provide additional information and cooperation when requested. All other terms of Cronometer services apply unless
explicitly addressed here. We reserve the right to change the terms of this program at any time and at Cronometer’s sole
discretion.
Out of Scope
The following areas/issues are considered out of scope and not eligible
for a bounty.