1. Introduction

At Kitchen Flow, the security of our systems, data, and customer information is a top priority. We understand the importance of identifying and addressing potential security vulnerabilities promptly. This Vulnerability Reporting Policy outlines how to report security concerns and vulnerabilities within our systems and applications.

2. Reporting Vulnerabilities

We appreciate the responsible reporting of any potential security vulnerabilities. If you discover a vulnerability or believe you have identified a security issue within Kitchen Flow, we ask that you report it to us following these guidelines:

• Contact Information: Report the vulnerability via email to hello@kitchenflow.ca
• Detailed Report: In your report, please provide as much information as possible. Include a detailed description of the vulnerability, the steps to reproduce it, and any supporting documentation or evidence.
• Responsible Disclosure: We request that you follow responsible disclosure practices. Give us a reasonable amount of time to investigate and address the issue before publicly disclosing it. Responsible disclosure helps us protect our systems and users.

3. Confidentiality and Non-Disclosure

We understand the sensitivity and potential risks associated with security vulnerabilities. We are committed to keeping your report confidential and will not share your personal information without your explicit consent. Please use secure and encrypted communication channels when sharing information with us.

4. Acknowledgment and Follow-up

Upon receiving your vulnerability report, we will acknowledge it within 24 business days. Our security team will conduct a thorough investigation and work diligently to address and resolve the issue as quickly as possible.

We may contact you for additional details or clarification during the investigation process. Once the vulnerability is resolved, we will provide credit or acknowledgment, as deemed appropriate.

5. Recognition and Appreciation

We value your contribution to our security. Depending on the significance and severity of the reported vulnerability, we may offer recognition and gratitude. Recognition may include mentioning your name on our website, a public acknowledgment, or a suitable token of appreciation.

6. Legal Considerations

It is essential to understand that good-faith security research and responsible disclosure are typically protected by law. Nevertheless, we advise you to seek legal counsel for specific guidance, as legal requirements can vary depending on your jurisdiction.

7. Amendments to this Policy

This Vulnerability Reporting Policy may be updated as needed. Any revisions will be posted on our website, along with the updated effective date.

By submitting a vulnerability report, you agree to abide by the terms outlined in this Vulnerability Reporting Policy. If you have any questions or concerns about this policy, please contact us at hello@kitchenflow.ca.