Responsible disclosure

Bosta UK Ltd and organising party Touch Incentive Marketing consider the security of systems very important. Despite our continuous attention and concern for the security of our systems, it could still be that there is a weak spot. If you have found a weak spot in one of our systems, we would like to hear about it so that we can take measures as quickly as possible. We would like you to work with us to better protect our customers and our systems.

We kindly ask you to:

  • Email your findings to privacy@touchincentive.nl
  • Not to abuse the problem by, for example, downloading more data than is necessary to demonstrate the leak or to view, delete or modify data from third parties;
  • Not share the problem with others until it is resolved and delete any confidential data obtained through the leak immediately after the leak has been closed;
  • Not to use attacks on physical security, social engineering, distributed denial of service, spam or third party applications;
  • Provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. (Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more complex vulnerabilities may require more).

We promise:

  • We will respond to the report within 3 working days with our assessment of the report and an expected resolution date;
  • If the above conditions have been adhered to, we will not take legal action regarding the report;
  • We treat the report confidentially and will not share personal information with third parties without permission unless this is necessary to comply with a legal obligation. (Reporting under a pseudonym is possible);
  • We will keep you informed of the progress of solving the problem;
  • In the reporting on the reported problem, we will, if desired, mention your name as the discoverer;
  • As a thank you for help, we offer a reward for every report of an unknown security issue. We determine the size of the reward on the basis of the severity of the leak and the quality of the report with a minimum of a voucher of £25.

We strive to resolve all issues as quickly as possible and are happy to be involved in any publication about the issue once it has been resolved.