Responsible disclosure policy
Security is of high importance at Shell Recharge Solutions, and we, therefore, take several measures to ensure safety in all our interactions. To ensure we process information securely, we build our applications with security in mind. We use the latest technology to encrypt all personal information that is submitted through our site using SSL technology, which allows it to be transmitted securely over the Internet without anyone else having access to it. And ultimately, security tests are performed as an integrated part of our building process.
Report security vulnerabilities
In the unlikely event that you discover a weakness in our systems, we would like to be informed. This enables us to take steps to address the problem as quickly as possible and secure the safety of our employees, our customers and us as a company. To report a vulnerability, please email us at email@example.com and include the following information:
- A description of the vulnerability
- A description of how you have found the vulnerability. The more clear and concise, the better we can reproduce the problem.
- The URL
- Do not take advantage of the vulnerability or problem you have discovered, e.g. by downloading more data than necessary to demonstrate the vulnerability;
- Do not install malware, backdoors or any other software on our systems;
- Do not copy, change or delete information or configurations of systems
- Do not use 'brute force' to gain access to systems
- Do not reveal the problem to others until it has been resolved and you consulted us,
- Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties
We will respond to your report within 5 business days with our report evaluation and an expected resolution date. During the process that follows, we will keep you informed at all times.
We will handle your report with strict confidentiality and only use your personal information to get in contact with you about the report. When information about the problem is publically reported, we will not provide any information about the reporter, unless you would like to be attributed. Finally, we will not distribute your personal information to third parties without your permission, unless we are required to do so by law.
Law and regulations
Responsible disclosure regulations may differ per country. Investigation you carry out of our systems could be punishable under local or international law and undertaking of this may risk criminal prosecution. If you act in good faith, we will not report your actions to the authorities or claim for damage, unless we are required to do so by law. It is important to highlight that the public prosecutor will ultimately decide prosecution will take place, regardless of whether we report this to the authorities.