At House of Talentt, we prioritize the security and privacy of our users. We are committed to maintaining a secure environment for our community. To achieve this, we encourage responsible disclosure of any security vulnerabilities or issues that you may discover in our application or systems.
This policy applies to all components of House of Talentt, including our mobile application and associated services. It also applies to our APIs and any other platforms that interact with our services.
Please restrict your testing to systems and features explicitly identified as part of House of Talentt's platform. Do not test or interact with systems not owned or operated by House of Talentt, as this may cause unintended consequences.
Ensure that your testing does not disrupt the normal operation of our services or compromise user data. Avoid using automated tools that may overload our systems or cause denial of service.
Do not attempt to access, modify, or exfiltrate user data. If you discover a vulnerability that involves user data, do not view or use that data beyond the scope necessary to demonstrate the issue.
If you find a vulnerability, please follow these steps:
Do not publicly disclose the vulnerability until House of Talentt has had a reasonable amount of time to address the issue and implement a fix. We will work to acknowledge receipt of your report and provide updates on the resolution progress.
Do not attempt to gain access to another user’s account or data. Unauthorized access to user accounts is strictly prohibited.
Do not perform any attack that could harm the reliability or integrity of our services or data. This includes activities that could compromise the stability or security of our platform.
Do not publicly disclose a bug or vulnerability before it has been fixed and addressed by House of Talentt. Responsible disclosure involves waiting until a resolution is implemented.
Only test for vulnerabilities on sites and services that you know to be operated by House of Talentt. Vulnerabilities found in third-party applications are excluded from this policy.
Do not impact other users with your testing. This includes testing for vulnerabilities in portals or systems that you do not own or control.
The use of automated scanners or tools to find vulnerabilities is forbidden. These tools can lead to unintended disruptions and will be blocked if detected.
Never attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
Do not conduct Distributed Denial of Service (DDoS/DoS) attacks. Our testing cluster is not scaled for such attacks, and this activity is strictly prohibited.
Acknowledgment: We appreciate and recognize the contributions of security researchers who help us improve our security posture. With your permission, we may publicly acknowledge your contribution in our security advisories or on our website.
Bug Bounty: At this time, we do not offer monetary rewards for vulnerability reports. However, we may offer other forms of recognition or appreciation for significant contributions.
Legal Compliance: Ensure your activities comply with applicable laws and regulations. Unauthorized access to systems or data may be subject to legal action.
Ethical Conduct: We expect all security researchers to act ethically and responsibly. Engaging in activities that may harm our users or compromise our systems is not condoned.
For any questions or to report a security issue, please contact us at security@houseoftalentt.com.
This Responsible Disclosure Policy may be updated periodically. Please review this document regularly to stay informed of any changes.