Responsible Disclosure Policy

Introduction

Garbott Ltd trading as Analytics Options ("we", "us", or "our") is committed to ensuring the security of our website and systems. We appreciate the efforts of security researchers and the security community in helping us maintain a secure environment for our users.

This Responsible Disclosure Policy outlines how we handle security vulnerabilities and how security researchers can report potential issues to us.

Scope

This policy applies to:

• The Analytics Options website (analytics-options.com and related domains)
• Any associated web applications and services
• Infrastructure and systems directly related to our services

Out of scope: Social engineering attacks, physical security issues, denial of service attacks, spam, or issues that require physical access to a user's device.

How to Report

If you discover a security vulnerability, please report it to us as soon as possible. We ask that you:

• Email your findings to: [email protected]
• Provide sufficient information to reproduce the vulnerability
• Include steps to reproduce, proof of concept, or screenshots if applicable
• Do not exploit the vulnerability beyond what is necessary to demonstrate it
• Do not access or modify data that does not belong to you
• Do not disrupt our services or systems
• Keep the vulnerability confidential until we have addressed it

What to Expect

When you report a vulnerability:

• We will acknowledge receipt of your report within 48 hours
• We will investigate the issue and provide an initial assessment within 7 days
• We will keep you informed of our progress in addressing the vulnerability
• We will notify you when the vulnerability has been resolved
• We will credit you for the discovery (if you wish) after the issue is resolved

Safe Harbor

We will not pursue legal action or law enforcement action against security researchers who:

• Act in good faith and in accordance with this policy
• Do not access, modify, or delete data beyond what is necessary to demonstrate the vulnerability
• Do not disrupt our services or systems
• Do not violate any applicable laws or regulations
• Report the vulnerability to us before publicly disclosing it
• Give us a reasonable amount of time to address the vulnerability before any public disclosure

Recognition

We appreciate the efforts of security researchers who help us improve our security. With your permission, we may recognize your contribution on our website or in security advisories. However, we respect your privacy if you prefer to remain anonymous.

Contact

For security-related inquiries or to report a vulnerability, please contact us at:

Email: [email protected]
Company: Garbott Ltd
Address: 13a Bankside, Kidlington, Oxford, OX5 1JE
Company registration number: 09884819
VAT No: GB 242827993