At Enfinite Solutions Limited, trust is our #1 value and we take the protection of our customers’ data very seriously. We are committed to ensuring the security of our applications by protecting our customers’ personal and/or corporate data.

This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us.

The Enfinite security team acknowledges the valuable role that independent security researchers play in Internet security. As a result, we encourage responsible reporting of any vulnerabilities that may be found in our site, applications or systems. Enfinite is committed to working with security researchers to verify and address any potential vulnerabilities that are reported to us.

As a policy, Enfinite does not offer compensation for reported issues.

Authorization:

If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized. We will work with you to understand and resolve the issue quickly, and Enfinite will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.

Guidelines:

Under this policy, "research" means activities in which you:

Once you’ve established that a vulnerability exists or encounter any sensitive data (including personally identifiable information, financial information, or proprietary information or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else.

Testing for security vulnerabilities:

Whenever a Trial or Beta Edition is available, please conduct all vulnerability testing against such instances. Always use test or demo accounts when testing our online services.

Reporting a potential security vulnerability:

In order to help us triage and prioritize submissions, we recommend that your reports:

Privately share details of the suspected vulnerability with Enfinite by sending an email to [email protected]. The details of the suspected vulnerability will help the Enfinite security team validate and reproduce the issue.

Enfinite does not permit the following types of security research:

While we encourage you to discover and report to us any vulnerabilities you find in a responsible manner, the following conduct is expressly prohibited:

The Enfinite security team commitment:

We ask that you do not share or publicize an unresolved vulnerability with/to third parties. If you responsibly submit a vulnerability report, the Enfinite security team and associated development organizations and personnel will use reasonable efforts to:

We are happy to thank every individual researcher who submits a vulnerability report helping us improve our overall security posture at Enfinite.

Last updated: 1st February 2022.