Security Disclosure Policy

You can also read this document in Japanese here

This Security Disclosure Policy applies to both LaLoka Labs LLC and LaLoka Labs OÜ

At LaLoka Labs, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. If you’ve discovered a vulnerability, please follow the guidelines below to report it to our security team:

E-mail your findings to security@lalokalabs.co

This policy only applies to the services listed below:

Please follow these rules when testing/reporting vulnerabilities:

Do not take advantage of the vulnerability you have discovered, for example by downloading more data than is necessary to demonstrate the vulnerability.
Do not read, modify or delete data that isn’t your own.
We ask that you do not disclose the issues to third parties until it has been resolved.
The scope of this policy is limited to technical vulnerabilities in our services. Please do not try to test physical security or attempt phishing attacks against our employees, and so on.
Out of concern for the availability of our services to all users, please do not attempt to carry out DoS attacks, leverage black hat SEO techniques, spam people, and do other similarly questionable things. We also discourage the use of any vulnerability testing tools that automatically generate significant volumes of traffic.
Avoid leaving persistent payloads, XSS or the like behind you. Instead, use non-harmful payloads, track what you do, limit who is exposed as much as possible, and clean up!
Please refrain from requesting compensation for reporting vulnerabilities. If you want we can publicly acknowledge your responsible disclosure.

What we promise:

Due to the huge amount of communications that we receive on possible security issues on our products, we have decided to make changes to how we respond to disclosures to make sure that we only address valid, significant and reproducible issues. We will reserve the right to determine what is considered valid and significant

If we deem your report as valid, significant and reproducible, we will respond to your report with our evaluation of the report.
If you have followed the instructions above, we will not take any legal action against you in regard to the report.
If we have decided to respond to your report, we will also keep you informed of an expected resolution date.
If we have decided to respond to your report, to show our appreciation for your effort and cooperation during the report, we will list your name and a link to a personal website/social network profile on the page below so that the public can know you’ve helped keep our services secure for the benefit of many.

We sincerely appreciate the efforts of security researchers in keeping our services safe.

Created on 2021-10-28
Last Updated 2022-10-24

List of Contributors

Nikita Patel – LinkedIn
Karan Rathod – LinkedIn
Satyam Singh – LinkedIn

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.