Security

Responsible Disclosure Policy

Last updated: January 22, 2025

At MarktMentor B.V., we take the security of our systems and the protection of our user data very seriously. Despite our efforts to maintain the highest security standards, vulnerabilities may exist. If you discover a security vulnerability, we appreciate your help in responsibly disclosing it to us.

Contact

Security vulnerabilities can be reported via:

Scope

This responsible disclosure policy applies to:

  • The website marktmentor.nl and all subdomains
  • The MarktMentor mobile applications
  • The MarktMentor browser extension
  • API endpoints and backend services

The following are out of scope:

  • Social engineering attacks
  • Physical attacks on our offices or data centers
  • Denial of Service (DoS/DDoS) attacks
  • Spam or phishing campaigns
  • Vulnerabilities in third-party software not managed by us

Rules of Engagement

When researching vulnerabilities, we ask you to:

  • Not intentionally cause damage to our systems or users
  • Not modify, copy or delete any data
  • Not access accounts of other users
  • Not use automated scanning tools that generate excessive traffic
  • Not publicly disclose the vulnerability before it has been resolved
  • Not install malware, ransomware or other malicious software

What We Expect From You

When reporting a vulnerability, we ask you to:

  • Provide a clear description of the vulnerability
  • Document steps to reproduce the vulnerability
  • If possible, provide evidence (screenshots, logs, proof-of-concept)
  • Share your contact details so we can reach you
  • Submit the report in Dutch or English

Our Response

When you report a vulnerability, we will:

  • Within 3 business days: Send an acknowledgment of receipt
  • Within 10 business days: Provide an initial assessment of the report
  • Keep you informed of the progress of the resolution
  • Resolve the vulnerability as quickly as possible, depending on complexity and severity
  • Acknowledge your contribution (if desired)

Safe Harbor

MarktMentor will not take legal action against security researchers who act in good faith and comply with this responsible disclosure policy. We consider activities that comply with this policy to be authorized and will not file civil or criminal claims.

If you accidentally access third-party data, we ask you to report this immediately and not copy, store or distribute this data. We will consider your good intentions when assessing the situation.

Acknowledgment

We appreciate the efforts of security researchers who help us make our systems more secure. With your permission, we would like to mention your name or alias as recognition for your contribution to our security.

Contact Details

MarktMentor B.V.
Schoutlaan 28A
6002EA Weert
Netherlands

Chamber of Commerce: 95758941
Security contact: security@marktmentor.nl