Last Updated: March 03, 2025
At Refuel Agency, we’re committed to delivering innovative marketing solutions while keeping our digital platforms secure for our clients, partners, and audiences. We value the security community’s expertise and invite responsible reporting of vulnerabilities in our systems to help us maintain a safe environment. This Vulnerability Disclosure Policy outlines how you can report potential security issues to us and what you can expect in return.
Scope
This policy applies to the following Refuel Agency-owned and operated digital assets:
https://www.refuelagency.com (our primary website)
Any subdomains under refuelagency.com (e.g., app.refuelagency.com, if applicable)
Out of Scope:
– Third-party services we use (e.g., Google Analytics, client-hosted platforms)
– Physical hardware or office networks
– Social engineering or phishing attempts against our staff
Guidelines for Responsible Reporting
We ask security researchers and concerned individuals to:
Report Privately: Submit findings to us before disclosing them publicly.
– Avoid Harm: Do not disrupt services, access unauthorized data, or degrade user experience (e.g., no denial-of-service attacks).
– Act in Good Faith: Follow this policy and applicable laws when testing or reporting.
In return, we offer:
Safe Harbor: We will not pursue legal action against you for vulnerabilities reported responsibly under this policy, provided you adhere to these guidelines.
How to Report a Vulnerability
Please send your report to [email protected] with the following details:
– A clear description of the vulnerability (what’s affected and how)
– Steps to reproduce the issue (e.g., URLs, actions taken)
– Your contact information (optional, for follow-up)
– Any supporting evidence (e.g., screenshots), if safe to share
What to Expect
– Acknowledgment: We’ll confirm receipt of your report within 5 business days.
– Review: Our team will assess the issue and prioritize fixes based on severity.
– Resolution: We aim to address valid vulnerabilities promptly, though timelines may vary.
– Disclosure: Please allow us 30 days to resolve the issue before sharing details publicly. We’ll work with you if earlier disclosure is needed for safety.
No Rewards
This is a disclosure program, not a bug bounty. We don’t offer monetary rewards, but we’re grateful for your help and may acknowledge contributors (with your permission) on our website.
Contact Us
Questions about this policy? Reach out to [email protected]
Thank you for helping us keep Refuel Agency secure as we fuel connections between brands and audiences.