Try for free
Try for free Sign in
Fill 25 Fill 10

Responsible disclosure

We continuously pay attention to the security of privacy sensitive data. For instance, we regularly have external parties carry out penetration tests and we implement the resulting recommendations.

Ethical Hacking

Despite our attention to the security of our customer data, it may still happen that there is a vulnerability that can be exploited. We have a positive attitude toward the concept of ethical hacking and appreciate it if vulnerabilities in our software are found in a responsible way. If you have found a vulnerability in oue of our systems, we would like to hear about it so that we can solve this as quickly as possible. We would like to work with you to better protect our customers and our systems.

We ask you to:

  • E-mail your findings to security@buku.io.
  • Not abuse the problem by downloading more data than necessary to demonstrate the leak or view, remove, or modify third party data.
  • Not share the problem with others until it is resolved and removing all confidential information that was obtained through the leak immediately after confirmation of the leak.
  • Not use attacks on physical security, social engineering, (distributed) denial of services, spam, or third party applications.
  • Provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability is sufficient, but with more complex vulnerabilities, more information may be necessary.

What we promise:

  • We treat your report with the highest priority and respond with our assessment of the report and an expected date for a solution within 3 days.
  • If you have complied with the above conditions, we will not take legal action against you regarding the report.
  • We treat your report confidentially and will not share your personal information with third parties without your permission, unless this is necessary to comply with a legal obligation.
  • We will keep you up to date on the progress of resolving the problem.
  • In publications regarding the reported problem, we will include your name as the discoverer if you desire.
  • We strive to resolve all problems as quickly as possible and would like to be involved with any publication regarding the problem after it has been resolved.