Vulnerability Disclosures

If you believe you have found a security issue in Fieldmotion, we encourage you to notify us.

You must review this document, and the submission of your report implies your acceptance of our terms.

Vulnerability Disclosure Policy

The safety and security of our customers’ data, and the reliability of our services, are of highest priority to Fieldmotion, and we aim to develop our services to the highest levels of quality and security. However, because software development is complex, it is possible we have overlooked something, and we welcome any insights you may have about issues that we did not spot.

Customers, users, researchers, partners and any other person that interacts with our services are encouraged to report identified vulnerabilities and errors by sending an email to vulnerability.disclosure@fieldmotion.com. Please use the subject “Vulnerability Disclosure”. Any email not including that subject will be automatically deleted.

We appreciates the efforts made by the reporting party in identifying the vulnerability or error. You are contributing to improving the security and reliability of our services.

By disclosing a vulnerability to us, you agree to the following terms:

Fieldmotion may use your report for any purpose deemed relevant by Fieldmotion, including for the purpose of correcting any vulnerabilities and errors that are reported and that Fieldmotion deems to exist and to require correction. To the extent that you propose any changes and/or improvements to a Fieldmotion service in your report, you assign to Fieldmotion all use and ownership rights to such proposals.

You confirm that:

* You have not exploited or used in any manner, and will not exploit or use in any manner (other than for the purposes of reporting to Fieldmotion), the discovered vulnerabilities and/or errors;
* You have not engaged, and will not engage, in testing/research of systems with the intention of harming Fieldmotion, its customers, employees, partners or suppliers;
* You have not used, misused, deleted, altered or destroyed, and will not use, misuse, delete, alter or destroy, any data that you have accessed or may be able to access in relation to the vulnerability and/or error discovered;
* You have not conducted, and will not conduct, social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks;
* You have not tested, and will not test, the physical security of any property or building of Fieldmotion;
* You have not breached, and will not breach, any applicable laws in connection with your report and your interaction with Fieldmotion’s services that lead to your report.
* You agree not to disclose to any third party any information related to your report, the vulnerabilities and/or errors reported, nor the fact that vulnerabilities and/or errors have been reported to Fieldmotion.

Fieldmotion does not guarantee that you will receive any response related to your report. Fieldmotion will only contact you regarding your report if Fieldmotion deems it necessary.

You agree that you are making your report without any expectation or requirement of reward or other benefit, financial or otherwise, for making such report, and without any expectation or requirement that the vulnerabilities and/or errors reported are corrected by Fieldmotion.