Vulnerability Disclosure Policy

  1. Introduction

    At BikeTrac Ltd, we prioritise the security of our systems and the protection of our customers’ data. We recognise the valuable role that security researchers and the wider community play in identifying and responsibly disclosing vulnerabilities. This Vulnerability Disclosure Policy outlines our approach to handling such disclosures in a structured and transparent manner.

  2. Scope

    This policy applies to any digital assets owned, operated, or maintained by BikeTrac Ltd, including but not limited to our websites, applications, and connected services. We encourage responsible disclosure of vulnerabilities that could potentially affect the confidentiality, integrity, or availability of our systems and customer data.

  3. Reporting a Vulnerability

    If you believe you have discovered a security vulnerability, please report it to us by following these guidelines:

    • Email us at hello@alltrac.co.uk with a detailed description of the vulnerability, including steps to reproduce it.
    • Provide relevant technical details, such as system configurations, proof-of-concept code, or logs that demonstrate the issue.
    • Do not publicly disclose the vulnerability until BikeTrac Ltd has had an opportunity to investigate and remediate the issue.
    • Allow us a reasonable time frame (typically 90 days) to address the issue before any public disclosure.
  4. What We Ask of You

    To ensure a responsible and ethical disclosure process, we ask researchers to:

    • Avoid any activity that would cause harm to our customers, systems, or data.
    • Refrain from any actions that may lead to data breaches, system disruptions, or unauthorised data access.
    • Comply with applicable laws and regulations during security testing.
    • Conduct testing in a manner that minimises risk and impact.
  5. What You Can Expect from Us

    Upon receiving a vulnerability report, BikeTrac Ltd will:

    • Acknowledge receipt of the report within five business days.
    • Investigate and validate the vulnerability.
    • Provide an estimated timeline for remediation, if applicable.
    • Keep you informed of progress and coordinate any necessary public disclosure.
    • Recognise and appreciate responsible disclosure efforts (potential public acknowledgment, where appropriate).
  6. Safe Harbor

    BikeTrac Ltd is committed to working collaboratively with security researchers. As long as you comply with this policy and act in good faith, we will not pursue legal action against you for security testing performed in accordance with this policy.

  7. Policy Updates

    BikeTrac Ltd reserves the right to update this policy at any time. We encourage researchers and stakeholders to review this document periodically to stay informed about any changes.

  8. Contact Information

    For vulnerability disclosures or security-related inquiries, please contact us at hello@alltrac.co.uk.

Thank you for helping us keep BikeTrac Ltd secure.