Responsible Vulnerability Disclosure Policy

At Macq SA, the security of our information systems, products, and services is a priority. Despite our efforts to ensure a high level of security, vulnerabilities may remain. If you discover a flaw or vulnerability in one of our systems, we invite you to report it to us in a responsible manner.

What should you do if you find a vulnerability ?

If you identify a vulnerability, please report it to us as soon as possible at the following address : securityreports@macq.eu.

Please provide the following information :

• A clear description of the vulnerability.
• The steps necessary to reproduce it.
• Any identified impacts.
• Your contact details (email) so that we can get back to you.

What we expect from you

For disclosure to be considered responsible, we ask that you :

• Do not abuse the vulnerability.
• Do not access, modify, or delete data.
• Do not disrupt our systems, services, or users.
• Do not disclose the vulnerability publicly before it is fixed, in consultation with us.

What you can expect from us ?

If you report a vulnerability in accordance with this policy :

• We will acknowledge receipt within 14 business days.
• We will keep you informed of the progress of the fix.
• We are committed to resolving the vulnerability within a reasonable time frame.
• If you wish, we may publicly acknowledge your contribution (e.g., on our “Hall of Fame” page).

We will not take any legal action against you if you comply with the conditions of responsible disclosure and the full policy:

Scope

This policy applies to digital systems and services provided and/or operated by Macq SA. It does not cover the systems of other companies or partners, unless explicitly stated.