Responsible disclosure
At Duux BV, we consider the security of our systems to be very important. Despite our efforts to secure our systems, it is possible that a vulnerability may still exist.
If you have found a vulnerability in one of our systems, we would like to hear about it so that we can take measures as soon as possible. We would like to work with you to better protect our customers and our systems.
We ask you:
- To email your findings to privacy@duux.com.
- Not to misuse the vulnerability by, for example, downloading more data than necessary to demonstrate the leak or viewing, deleting, or modifying third-party data,
- Not to share the vulnerability with others until it has been resolved and to delete all confidential data obtained through the vulnerability immediately after the vulnerability has been patched,
- Not to use physical security attacks, social engineering, distributed denial of service, spam, or third-party applications, and
- To provide sufficient information to reproduce the problem so that we can resolve it as soon as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability are sufficient, but more may be required for more complex vulnerabilities.
What we promise:
- We will confirm receipt of your report,
- If you have adhered to the above conditions, we will not take legal action against you regarding the report,
- We will treat your report confidentially and will not share your personal data with third parties without your consent unless it is necessary to comply with a legal obligation. Reporting under a pseudonym is possible,
- In any reporting regarding the reported problem, we will, if you wish, mention your name as the discoverer,
- We strive to resolve all issues as quickly as possible and would like to be involved in any potential publication about the problem after it has been resolved.