Privacy Policy | Inkeros 2023

INKEROS PRIVACY POLICY

Inkeros is committed to protecting the privacy of its customers and is dedicated to the responsible and transparent collection, use, and safeguarding of personal data. This Data Collection Policy outlines the procedures we follow in collecting, processing, and storing personal data.

Data Collection:

We collect personal data directly from our customers and through their interaction with our website, social media, or other forms of communication. This data may include, but is not limited to:

Name, address, and contact information
Payment and billing information
Purchase history and preferences
Demographic information
Communication preferences

Purpose of Data Collection:

We collect personal data for the following purposes:

To provide our services to customers
To process and fulfill orders
To improve our products and services
To personalize customer experiences
To comply with legal obligations

Data Retention:

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy or as required by law.

Data Security:

We use appropriate technical and organizational measures to protect personal data from unauthorized access, loss, or destruction. This includes, but is not limited to, the use of firewalls, encryption, and access controls.

Data Sharing:

We may share personal data with third-party service providers who assist us in providing our services or with other parties as required by law.

Data Subject Rights:

Individuals have the right to access, correct, delete, or restrict the processing of their personal data. They also have the right to receive a copy of their personal data in a structured, commonly used, and machine-readable format.

Data Protection Officer:

We have appointed a Data Protection Officer to oversee our data protection practices and to ensure compliance with applicable data protection laws and regulations.

Policy Updates:

We may update this Data Collection Policy from time to time. We will notify customers of any significant changes and provide them with an updated policy.

Inkeros takes the privacy and security of personal data seriously and will continue to implement measures to ensure that our customers' data is collected, processed, and stored responsibly and transparently. By acknowledging this document, you consent to the collection, use and disclosure as described above.

Public-Facing Responsible Vulnerability Disclosure Policy

1.0 Introduction

Inkeros is committed to the security of our systems, data, and the trust of our customers and partners. We recognize the invaluable role that the security research community plays in identifying and reporting vulnerabilities. This policy provides a clear, good-faith framework for security researchers to report potential vulnerabilities and outlines what they can expect from us in return. We are dedicated to working collaboratively to address and remediate security issues promptly.

2.0 Safe Harbor

We believe in a collaborative approach to security. If you make a good-faith effort to comply with this policy during your security research, we will consider your activities to be authorized. We will not pursue or recommend legal action against you for your research, and we will work with you to understand and resolve the issue as quickly as possible.

3.0 Scope

This policy covers the following systems and services:

All publicly accessible websites and web applications owned and operated by Inkeros.
Our APIs and cloud services.
Any other systems that are explicitly approved and communicated to security researchers.

Vulnerabilities found in third-party products or services that we do not own or control are out of scope. Please report these directly to the respective vendor according to their disclosure policy.

4.0 Reporting a Vulnerability

To report a vulnerability, please email us with a detailed report to our dedicated security address: isaspfrvdp@inkeros.com.

To facilitate a quick and effective response, your report should include:

A clear and concise description of the vulnerability.
A specific location where the vulnerability was discovered (e.g., URL, IP address).
Step-by-step instructions to reproduce the vulnerability, including a benign, non-destructive proof-of-concept.
The potential impact of the vulnerability if exploited.
Any supporting materials, such as screenshots or log files.

5.0 Our Commitment

Upon receiving a vulnerability report, we commit to the following:

Initial Response: We will acknowledge receipt of your report within 7 business days.
Communication: We will keep you informed of our progress in triaging and remediating the reported vulnerability.
Confidentiality: We will treat your report and personal details (if provided) with strict confidentiality and will not share them with third parties without your explicit permission, unless required by law.
Resolution: We will work to remediate the vulnerability in a timely manner, based on its severity and potential impact.
Public Recognition: With your consent, we will publicly acknowledge your contribution to our security.

6.0 Responsible Disclosure Guidelines

To be eligible for our safe harbor and collaborative process, we require researchers to adhere to the following guidelines:

Do not access, modify, or delete data belonging to other users or the company.
Do not disrupt our services or perform any action that could degrade the user experience. This includes denial-of-service (DoS) attacks.
Do not use automated scanners or tools that generate a high volume of traffic.
Do not attempt social engineering or physical attacks on our employees or infrastructure.
Do not demand financial compensation for reporting a vulnerability outside of a formal, explicit bug bounty program (if one exists).
Do not disclose the vulnerability publicly until we have had a reasonable amount of time to remediate the issue and have granted permission to do so.

7.0 Policy Updates

This policy may be updated periodically. We encourage you to review it regularly to stay informed of our latest guidelines.