Responsible Disclosure Policy

In this policy, references to "MarketFinance", "us", "we" and "our" mean MarketFinance Limited, a company incorporated and registered in England and Wales, with registered company number 07330525 and with a registered address at 48-50 Scrutton Street, London, England, EC2A 4XQ.


Values

MarketFinance takes the protection and privacy of our customers' data very seriously, and it is our highest priority. We, therefore, take the security of our systems extremely seriously, and we genuinely value the assistance of the security community in assisting us to keep all of our systems safe and secure. We therefore operate a responsible disclosure policy to allow you to quickly and effectively raise security concerns with the person who can address them.


Policy

If you believe you have identified a vulnerability, please read through the submission terms below and contact us. The terms below apply to any website, application or service distributed by or hosted by MarketFinance, or served under a domain owned by MarketFinance.

You can use our email address to alert us to:


  • Vulnerabilities or breaches in our software or environments which threaten the confidentiality, integrity or availability of our data or our customers' data.
  • Any "copycat" applications or phishing/vishing attacks against MarketFinance, our customers, contractors, or staff.
  • Activity, discussion or data in any public forum which you believe constitutes a threat to MarketFinance or our customers.


Responsibilities

We ask that you act responsibly and in the best interests of MarketFinance and our customers at all times.

  • Do not put any MarketFinance or customer data at risk.
  • Do not access, or attempt to access, data or information that does not belong to you.
  • Please do not engage in any activity that may negatively affect MarketFinance or its customers.
  • Do not break any laws or breach any agreements to discover vulnerabilities.
  • Do not use social engineering techniques against our customers, contractors, or staff.

It is essential that your communication is a responsible disclosure, and not seen as an attack or extortion. Following the guidelines we have provided will help to ensure that. We act decisively on attacks and extortion attempts, including reporting them to the relevant authorities.


Disclosure

If you believe you've found a security vulnerability in one of our products or platforms, please report it by emailing our security team. By emailing or providing a disclosure to us, you agree to our Terms and Conditions and that we can use your submission and its contents to ensure the security, integrity and reliable operation of our technology and business.

Your submission should contain:

  • Description of the location and potential impact of the vulnerability.
  • Detailed steps to reproduce the issue.
  • Any logs or other gathered materials which you have collected.
  • Your name, role (if appropriate) and contact details.


Response

Commitment

We ask that you do not share or publicise an unresolved vulnerability with/to third parties. If you responsibly submit a vulnerability report, we will make reasonable efforts to respond quickly.

Recognition

We do not offer any financial rewards for submissions, but we are happy to thank every individual researcher who submits a vulnerability report that helps us improve our overall security. We will not name anyone without their prior consent.

We are actively working to put a bug bounty program in place which will facilitate and regulate financial rewards for disclosures, but at this time, we cannot provide any monetary rewards.


Submit a disclosure

Anyone can report an information security issue using our dedicated email address: disclosure@marketfinance.com