Delivr recognizes the importance of privacy, security, and community outreach. Our top priority is ensuring the safety and security of our technology users and protecting the information of Delivr, customers, consumers, and employees. To accomplish this, we have implemented a coordinated and constructive approach to address and report security issues.

When properly notified of legitimate issues, we will do our best to acknowledge your vulnerability report, assign resources to investigate the case, and fix potential problems as quickly as possible. Whether you are a user of Delivr products, a software developer, or a security enthusiast, you are an essential part of this process.

Reporting Security Issues

If you believe you have discovered a vulnerability in a Delivr asset/system or have a security incident to report, please fill out a support form.

In all cases, you must:

• Respect our privacy. Contact us immediately if you access anyone else’s data, personal or otherwise, such as usernames, passwords and other credentials. You must not save, store or transmit this information.
• Act in good faith. You should report the vulnerability to us without attached conditions. Please work with us. Promptly report any findings to us, stopping after you find the first vulnerability and requesting permission to continue testing. Allow us a reasonable time to resolve the vulnerability before publicly disclosing it.

And you must not:

• Exfiltrate data. Instead, use a proof of concept to demonstrate a vulnerability.
• Exploit a vulnerability to disable further security controls.
• Perform social engineering.
• Use automated scanners.

Next Steps

Upon receipt of the vulnerability/security report, Delivr will undertake a series of steps to address the issue:

1. Delivr requests the reporter keep any communication regarding the vulnerability confidential.
2. Delivr investigates and verifies the vulnerability.
3. Delivr addresses the vulnerability and releases an update or patch to the software. If, for some reason, this cannot be done quickly or at all, Delivr will provide information on recommended mitigations.
4. Delivr will endeavor to keep the reporter apprised of every step in this process.

We greatly appreciate the efforts of security researchers and discoverers who share information on security issues, allowing us to improve our products and services and better protect our customers. Thank you for working with us through the above process.