Responsible Disclosure Policy – Peak AI

Last Updated: June 26, 2023

 

Introduction

Peak prides itself in appreciation for good security and protection. If you believe you’ve found a security vulnerability in the Peak website or service, let us know and we will work with you to resolve the issue.

This policy has been produced to follow common vulnerability disclosure best practices. It does not provide permission to conduct any unlawful activities or activities that may result in Peak or partner organisations to act unlawfully.

This policy applies to the Peak Website hosted at peak.ai and Peak platform hosted at platform.peak.ai and all subdomains or related services therein.

 

Disclosure Policy

Peak AI Limited does not run a bug bounty program. Peak respects and values members of the public who make the time and take the effort to report security vulnerabilities according to this policy. However, we do not offer monetary rewards for vulnerability disclosures.

If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at security@peak.ai.

Please provide us with a reasonable amount of time to resolve the issue as well as information that we may require to replicate and resolve the issue.

As well as complying with our Terms of Use, we appreciate that you avoid violating privacy, destroying data, or interrupting or degrading the Peak service. Only accounts that you own or for which have explicit permission from the account holder for should be used or interacted with.

 

Exclusions

Any users believed to be engaging in excluded activities will have their user credentials immediately deactivated.

While researching, we’d like you to refrain from:

  • Any unlawful activity including local, international, data protection and privacy laws
  • Accessing unnecessary or excessive amounts of data
  • Modifying data in the Peak systems or services
  • Failing to properly secure data retrieved from Peak systems or services
  • Sharing data retrieved from Peak systems or services
  • Denial-of-Service (DoS)
  • Spamming
  • Social engineering or phishing of Peak employees, contractors or customers
  • Any attacks against Peak’s physical property
  • Utilising destructive or unnecessarily invasive scanning tools to find vulnerabilities

 

Contact

Peak is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to get in touch at security@peak.ai.