Security policy

At Optimizers, we prioritize the security and privacy of our users. We are committed to maintaining a safe and secure environment for everyone. If you have discovered a security vulnerability in our systems, we appreciate your help in disclosing it responsibly.

We ask you to:

  • Email your findings to secops@optimizers.com. Optionally you can encrypt your findings with our PGP key to prevent the information from falling into the wrong hands;
  • Not to exploit the problem by, for example, downloading more data than necessary to demonstrate the leak or viewing, deleting, or modifying third-party data;
  • Not to share the problem with others until it has been resolved and to immediately delete all confidential data obtained through the leak after it has been fixed;
  • Not to use tools that cause inconvenience or interruptions, such as security scanners or DDoS tools;
  • Not to engage in attacks on physical security, social engineering, Distributed Denial of Service, spam, or third-party applications, and;
  • Provide sufficient information to reproduce the problem so that we can resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability are sufficient, but for more complex vulnerabilities, it does not hurt to supplement that with steps to reproduce and/or screenshots to illustrate the problem.

What we promise:

  • We will respond to your report within five working days with our assessment of the report and an expected date for a solution;
  • We are aware that you may have performed actions that are punishable by law in your investigation of a problem. If you have acted in good faith and according to these conditions, there is no reason for us to file a report.
  • We will treat your report confidentially and will not share your personal data with third parties without your permission unless it is necessary to comply with a legal obligation. Reporting under a pseudonym is possible;
  • We will keep you informed of the progress of resolving the problem;
  • In reporting on the reported problem, we will, if you wish, mention your name as the discoverer, and;
  • As a thank you for your help, we offer a reward for each report of a security problem that is still unknown to us. We determine the size of the reward based on the severity of the leak and the quality of the report.

Exceptions and points of attention:

  • Rewards are not given for reports about problems on third-party sites and systems.
  • This is not an invitation to extensively scan our sites and platforms; this causes us inconvenience and we will therefore actively deter it.
  • (D)DOS, physical security, and social engineering are outside these provisions. We strive to resolve all problems as quickly as possible, and we would like to be involved in any publication about the problem after it has been resolved.