Information!

Security Policy

At mindtwo, we take the security of our systems and customer data very seriously. We value collaboration with the security research community and appreciate reports of potential security vulnerabilities. This policy describes how you can responsibly report security issues and how we handle your reports.

Reporting Security Vulnerabilities

If you discover a security vulnerability in our systems or services, we ask you to confidentially report it to us:

Email:
PGP Encryption: Our public PGP key is available at https://www.mindtwo.nl/pgp-key.txt

Information We Need

To process your report efficiently, please provide the following information:

  1. Detailed description of the security vulnerability
  2. Steps to reproduce the issue
  3. Affected systems or URLs
  4. Potential impact of the security vulnerability
  5. Possible solutions (if known)
  6. Your contact information for follow-up questions

Our Process

After receiving your report, we will:

  1. Confirmation: Acknowledge receipt of your report within 48 hours
  2. Assessment: Analyze and evaluate the reported security vulnerability
  3. Communication: Keep you informed about the progress
  4. Remediation: Fix the confirmed security vulnerability as quickly as possible
  5. Publication: Publish information after resolving the issue and in consultation with you

Our Commitments

  • We will treat your report confidentially
  • We will keep you informed about the progress in resolving the issue
  • We will appropriately acknowledge your assistance (with your consent)
  • We will not take legal action against you if you follow this policy

Permitted Activities

The following activities are permitted as part of security research:

  • Testing our publicly accessible websites and applications
  • Reporting security vulnerabilities through the specified channels
  • Providing sufficient information to reproduce and fix the issue

Prohibited Activities

The following activities are not permitted:

  • Denial-of-service attacks
  • Social engineering of our employees or customers
  • Physical access to our facilities or infrastructure
  • Accessing, modifying, or deleting data
  • Testing third-party systems or applications hosted by us
  • Automated testing that could cause excessive load on our systems

Acknowledgment

We appreciate the work of security researchers and want to acknowledge their contributions. With your consent, we will include you in our Hall of Fame.

Reward Program

Currently, we do not offer a formal bug bounty program. However, we reserve the right to reward particularly valuable contributions at our discretion.

Contact

If you have any questions about this security policy, please contact

Last updated: 29.04.2025

Schedule a preliminary meeting

Arrange a non-binding and free consultation appointment and present your project to us.

Let's talk

mindtwo Management