The safety and security of our customers’ data, and the reliability of our products and services, are of utmost importance to Plume Design, Inc (Plume). Therefore, we aim to design and make products and services with the highest levels of security and reliability. Despite our best efforts, due to the highly complex and sophisticated nature of our products and services, vulnerabilities and errors (bugs) may still be present in our products and services.

This policy describes Plume’s approach to requesting and receiving reports related to potential vulnerabilities and errors in its products and services from those that interact with such products and services.

Customers, users, researchers, partners and any other person that interacts with Plume’s products and services are encouraged to report identified vulnerabilities and errors with such products and services.

The preferred method for contacting Plume Infosec Team regarding such vulnerabilities and errors is using the VDP Form or by contacting us at infosec@plume.com.

Plume highly appreciates the efforts made by the reporting party in identifying the vulnerability or error. Reporting of such vulnerabilities and errors will contribute to improving the security and reliability of our product and services.

Plume will only use such information to get in touch with you regarding clarifying the details of your report, if that is necessary and to evaluate the report. Otherwise, please visit our general privacy policy to see how we respect the privacy of your personal data: https://www.plume.com/legal/privacy/

By submitting a report to Plume, regarding vulnerabilities and errors, you agree to the following terms:

Plume may use your report for any purpose deemed relevant, including without limitation, for the purpose of correcting any vulnerabilities and errors that are reported and that Plume deems to exist and to require correction. To the extent that you propose any changes and/or improvements to a Plume product or service in your report, you assign to Plume all use and ownership rights to such proposals.

You can expect to receive an acknowledgement in 5 business days as well as periodic updates on progress during the confirmation of the security issue.

To the best of our ability, we will confirm the existence of the vulnerability to you and be as transparent as possible about what steps we are taking during the process.

You confirm to Plume that:

• You have not exploited or used in any manner, and will not exploit or use in any manner (other than for the purposes of reporting to Plume), the discovered vulnerabilities and/or errors.
• You have not engaged, and will not engage, in testing/research of systems with the intention of harming Plume, its customers, employees, partners or suppliers.
• You have not used, misused, deleted, altered or destroyed, and will not use, misuse, delete, alter or destroy, any data that you have accessed or may be able to access in relation to the vulnerability and/or error discovered;
• You have not conducted, and will not conduct, social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks.
• You have not tested, and will not test, the physical security of any property, building, plant or factory of Plume;
• You have not breached, and will not breach, any applicable laws in connection with your report and your interaction with Plume product or service that lead to your report.
• You agree not to disclose to any third party any information related to your report, the vulnerabilities and/or errors reported, nor the fact that a vulnerabilities and/or errors has been reported to Plume, until it has been resolved.
• You agree that you are making your report without any expectation or requirement of reward or other benefit, financial or otherwise, for making such report, and without any expectation or requirement that the vulnerabilities and/or errors reported are corrected by Plume.

For any queries or further information kindly contact at infosec@plume.com