At Esgrid, we are committed to ensuring the security and privacy of our customers' data. As a growing company, we recognize that there may be vulnerabilities in our platform, and we take any reports of potential security issues seriously. To foster a collaborative approach to security, we invite security researchers, developers, and users to responsibly disclose vulnerabilities they discover.

Our Commitment

• Acknowledgment: We will acknowledge your report within 48 hours.

• Transparency: We will keep you informed throughout the process of investigating and addressing the reported issue.

• Priority: We will prioritize the investigation and resolution of valid vulnerabilities based on their severity.

• Recognition: If you wish, we will publicly recognize your contribution on our website, subject to your consent.

Scope
This policy applies to the following:

• Esgrid's core platform (app.esgrid.com)

Reporting Guidelines

1. Confidentiality: Please keep your discovery confidential until we have had a reasonable amount of time to address the vulnerability. Do not publicly disclose the vulnerability for at least 90 days.

2. Provide Detailed Information: The more detailed your report, the faster we can resolve the issue. Please include:

• Steps to reproduce the vulnerability

• Screenshots or proof of concept

• Potential impact and exploitation scenario

1. No Exploitation: Do not exploit the vulnerability beyond what is necessary to demonstrate the issue.

2. Legal and Safe Testing: Ensure that your testing is conducted within the boundaries of the law and does not violate any agreements or disrupt our services.

3. Please do not use the identified security vulnerability to your advantage and avoid storing any confidential data obtained due to the issue.
   
   

How to Report
If you discover a vulnerability, please report it to us at support@esgrid.com

What to Expect After Reporting

• Initial Response: We will respond to your report within 48 hours.

• Assessment: We will assess the reported issue and work to resolve it as quickly as possible.

• Status Updates: We will provide regular updates on our progress in resolving the issue.

• Resolution: Once the issue is resolved, we will notify you, and with your consent, acknowledge your contribution.
  
  

Recognition and Rewards
While we currently do not offer a formal bug bounty program, we appreciate and recognize your contributions to making our platform safer. We may also offer a token of appreciation depending on the severity of the issue and the quality of the report.By following this policy, we can work together to maintain the security and integrity of Esgrid. Thank you for helping us keep our platform safe!