Become a Roamler
EN
NL DE FR ES IT BE
Home How it works solutions By industry FMCG CPG Retailers TV & Internet Telecom Utilities Consumer Durables Real Estate E-mobility Security
solutions By service In-store insights Activation Installations Repairs Maintenance
workforce About contact
  • Home
  • How it works
  • solutions

    By industry

    FMCG CPG Retailers TV & Internet Telecom Utilities Consumer Durables Real Estate E-mobility Security

    By service

    In-store insights Activation Installations Repairs Maintenance
  • workforce
  • About
    Company Information Hub Careers CSR FreeFlex United
  • contact
Become a Roamler
EN
NL DE FR ES IT BE

Responsible Disclosure Policy

Report vulnerabilities

The safety of your data is our top priority. That’s why we work hard to protect our systems. But did you nonetheless find a flaw in our security? Help us by reporting the vulnerability. Please do not make a vulnerability public, before working with us on a solution first. We are not trying to cover up our mistakes, but making a vulnerability public might have serious consequences for all our customers.

How can I report a vulnerability?

You can report a vulnerability by sending an email to responsible-disclosure@roamler.com. If possible, encrypt your email with our GPG-key (ask for key) to prevent the information from falling in the wrong hands. Please explain in your e-mail the vulnerability you have found and provide us with enough information to reproduce and investigate the problem.

Can I report a vulnerability anonymously?

Absolutely. You are not required to provide your personal details.

The rules

Reports related to DMARC or SPF are not needed. We are aware of the issues.

You might have conducted illegal activities to discover a vulnerability. We will not report these activities or claim damages if you have followed these rules:

  • act responsibly with the knowledge about the vulnerability, and do not perform any actions that go beyond what is necessary to demonstrate the flaw;
  • do not cause any damages;
  • do not use a denial-of-service attack or social engineering;
  • ensure that your research does not lead to an interruption of our services;
  • your research should never result in Roamler or customer data becoming public;
  • never place a backdoor, not even to demonstrate a vulnerability;
  • never modify or delete data. In case you need to copy data, never copy more data than strictly necessary;
  • do not make any system changes;
  • do not try to penetrate a system more often than necessary.
  • do not use brute force techniques.
  • do not use techniques that may affect the availability of our services.
  • Always report a vulnerability as soon as possible and please ask us for permission before making the vulnerability public.

What happens when I report a vulnerability?

We will start an investigation immediately after receiving your report. We always try to get back to you within a couple of days and will keep you up-to-date about our progress on solving the problem. The time we need to solve an issue depends on the complexity of the problem. After you have reported a problem, we ask you to refrain from making it public to give us time to solve the issue first.

Do you make the issue public?

Together, we can decide if and how the issue will be made public (after the problem has been solved). We can include your name in the publication if you want.

Can I get a reward for reporting an issue?

To thank you for your help we may offer you a reward, but we are never required to offer a reward. We only offer rewards for flaws that were unknown to us at the moment of reporting. We will determine the type and size of the reward based on the reported issue, taking the severity of the issue (amongst other things) into account. In case multiple people report the same issue, we will only offer a reward to the first reporter.

How about my privacy?

We only use your personal details to take action in response to your report. We don't share your data with third parties without your permission, unless we are legally required or a court order requires us to do so. If we contract another company to investigate your report, we might be required to share your data with this company. We will ensure this company also keeps your data confidential.

Laws and regulations

Always take applicable laws and regulations into account, because you could still get in trouble with the law, even if we don't report you to the authorities.

Terms & Conditions Terms & Conditions for Clients Responsible Disclosure Policy Privacy Statement Cookie Policy Statement of Applicability (PDF download) ISO 27001 (PDF download)

Acknowledgments

Roamler thanks the following individuals and organizations that have identified vulnerabilities in accordance with our Responsible Disclosure Policy.

2021

  • Navaid Ansari

2019

  • Hussein Daher
  • Mubassir Patel - @mubassipatel1
  • Suraj Deepakkumar Dodiya
  • Sameer Phad @sameerphad72

2018

  • Kirtikumar Anandrao Ramchandani
  • Nikhil Sahoo
  • Ipsita Subhadarshan Sahoo
  • Vishal Jain
  • Rajesh Tewari
  • Herane Malhotra
  • Sydney Grant
  • Suraj Gourkar
  • Dhruva Ghai
  • Gaurav Narwani
  • Akash Upadhyay - Mr_boogle
  • Pranshu Tiwari
  • Shubham Maheshwari

2017

  • Shivam Kamboj Dattana - S3chunt3r
  • Rasi Ras
  • Marvin van Walstijn - r00tacc3ss
  • Ishan Anand
  • Ankit Bharathan - provensec llc
  • Areeb Tahir

2016

  • Manikandan Rajakumar
  • Huzaifa Tahir
  • James Clyde

Roamler

Roamler retail Roamler tech Roamler care

About

Company Information Hub Careers CSR FreeFlex United

For Roamlers

Get the app Support

For Clients

Customer portal login

© 2021 Roamler B.V. All rights reserved

Careers| Support| Responsible Disclosure Policy| Legal

This website uses cookies

We use cookies to analyze website traffic and for marketing activities. By agreeing, you consent to these cookies. More info.

No, thanks OK