Responsible Disclosure Policy

Last Updated: October 17, 2025

Principles

At Mijndokters Technologies, the security of our systems and data is a top priority.
Despite our best efforts, vulnerabilities may still exist. We appreciate your help in identifying and responsibly reporting any security issues so we can address them quickly and safely.

We commit to treating every report with respect, confidentiality, and fairness.

This policy applies to all systems and services operated by Mijndokters Technologies.

Out of scope are:

  • Third-party systems not owned or managed by us (e.g., hosting providers, analytics tools, payment processors)

  • Denial-of-service testing, social engineering, or physical attacks

If you are unsure whether a target is in scope, please contact us before conducting tests.

If you discover a vulnerability

Please follow these guidelines:

  • Report it by emailing security@mijndokters.com.

  • Encrypt your message using our PGP key
    (PGP fingerprint: 14D6 A69E 0DE5 1576 FF52 A236 0691 9A17 13B0 D539).

  • Do not exploit the vulnerability (for example, do not download, modify, or delete data).

  • Do not share information about the vulnerability with others until we confirm it has been resolved.

  • Avoid attacks involving physical intrusion, social engineering, denial of service, spam, or testing of third-party systems.

  • Provide sufficient details so we can reproduce and verify the issue, such as the affected URL, parameters, IP address, impact, and a clear step-by-step description.

What you can expect from us

  • Acknowledgment: We will confirm receipt of your report within 3 business days.

  • Assessment: You will receive an initial evaluation and an estimated resolution timeline.

  • Confidentiality: We will treat your report and your personal data confidentially.

  • No legal action: If you act in good faith and comply with this policy, we will not pursue legal action.

  • Transparency: We will keep you informed of our investigation and the final resolution.

  • Credit: With your consent, we will publicly recognize you as the discoverer once the issue has been resolved.

Rewards

As a token of appreciation, we offer a reward for valid, previously unknown vulnerabilities:

  • Minimum reward: € 50 (gift certificate)

  • Reward value depends on severity, impact, and report quality

  • Duplicate or low-impact findings may not qualify for a reward

  • Rewards are granted at the discretion of Mijndokters Technologies

Disclosure and Resolution Timeline

We aim to resolve validated vulnerabilities within 90 days of confirmation.
If resolution requires more time, we will keep you updated.
After resolution, we encourage coordinated publication together with us, ensuring accurate and safe communication of the issue.