Vulnerability Disclosure Program
Our vulnerability disclosure program embodies transparency, ensuring a clear and open process for reporting, acknowledging, and remediating security findings.
Last updated July 01, 2025
RIVAFY Vulnerability Disclosure Policy
In Short: RIVAFY's Vulnerability Disclosure Policy fosters trust and collaboration with security researchers. Report vulnerabilities responsibly via our form; RIVAFY will address them, and asks researchers to avoid harm and public disclosure until resolved.
Our Approach to Vulnerability Disclosure
At RIVAFY, we believe that effective disclosure of security vulnerabilities is built on a foundation of mutual trust, respect, transparency, and a shared commitment to the common good between RIVAFY and Security Researchers. Together, our collective vigilance and expertise enhance the ongoing security and privacy of RIVAFY's customers, products, and services.
Security Researchers
RIVAFY welcomes vulnerability reports from all sources, including independent security researchers, industry partners, vendors, customers, and consultants. For the purpose of this policy, RIVAFY defines a security vulnerability as an unintentional weakness or exposure that could potentially compromise the integrity, availability, or confidentiality of our products and services.
Scope
This policy applies to all digital assets owned, operated, or maintained by RIVAFY, including our public-facing websites.
Our Commitment to Researchers
- Trust: We are committed to maintaining trust and confidentiality in all our professional interactions with security researchers.
- Respect: We treat all researchers with the utmost respect and acknowledge your valuable contribution to keeping our customers safe and secure.
- Transparency: We will collaborate with you to validate and remediate reported vulnerabilities, consistent with our dedication to security and privacy.
- Common Good: We thoroughly investigate and address issues in a manner that prioritizes protecting the safety and security of those who might be affected by a reported vulnerability.
What We Ask of Researchers
- Trust: We kindly request that you communicate any potential vulnerabilities responsibly, allowing sufficient time and providing adequate information for our team to validate and resolve the issues.
- Respect: We ask that researchers make every effort to prevent privacy violations, avoid degrading the user experience, minimize disruption to production systems, and prevent data destruction during security testing.
- Transparency: We request that researchers provide the necessary technical details and background to enable our team to accurately identify and validate reported issues, preferably using the designated form.
- Common Good: We urge researchers to act for the common good, safeguarding user privacy and security by refraining from publicly disclosing unverified vulnerabilities until our team has had adequate time to validate and address the reported issues.
Vulnerability Reporting
RIVAFY recommends that security researchers share the details of any suspected vulnerabilities across any asset owned, controlled, or operated by RIVAFY (or that could reasonably impact the security of RIVAFY and our users) using the web form below. The RIVAFY Security team will acknowledge receipt of each vulnerability report, conduct a thorough investigation, and then take appropriate action for resolution.
To submit your report, please use vulnerabilityreport@rivafy.com.