Responsible Disclosure

At Touch Incentive we consider the security of our systems very important. Despite our care for the security of our systems, it can still happen that there is a weak spot. If you have found a weakness in one of our systems, we would like to hear about it so that we can take action as quickly as possible. We would like to work with you to better protect our customers and our systems.

We ask you:

  • Email your findings to;
  • Do not abuse the problem by, for example, downloading more data than necessary to demonstrate the leak or accessing, deleting or modifying third-party data;
  • Not to share the problem with others until it is fixed and to delete all confidential data obtained through the leak immediately after fixing the leak;
  • Not use physical security attacks, social engineering, distributed denial of service, spam or third-party applications;
  • Provide sufficient information to reproduce the problem so that we can fix it as soon as possible. Usually the IP address or URL of the affected system and a description of the vulnerability is sufficient, but more may be required for more complex vulnerabilities.

What we promise:

  • We will respond to your report within 5 days. We will indicate whether it is a vulnerability unknown to us or not. If it is an unknown vulnerability, we will determine its risk and decide whether to implement the solution you suggested; If so, we will keep you informed about the progress of solving the problem;
  • To thank you for your help, we offer a reward of €25 for every report of a security problem unknown to us for which we decide to implement a solution;
  • If you have complied with the above conditions, we will not take any legal action against you regarding the report;

We will treat your report confidentially and will not share your personal data with third parties without your consent, unless this is necessary to comply with a legal obligation. Reporting under a pseudonym is possible. In reporting the reported problem, we will only mention your name as the discoverer if you so wish.

We aim to resolve all problems as quickly as possible and we would be happy to be involved in any publication about the problem after it has been resolved.