Responsible Disclosure

Found a security issue? Please report it to us

At Touch Network B.V., we take the security of our systems very seriously. Despite our efforts to ensure the security of our systems, there may still be vulnerabilities.

Have you discovered a security issue in one of our systems? Please report it to us in a responsible manner so that we can take appropriate action.

We look forward to working together to better protect our systems and our customers.

What we ask of you

  • Please email your findings to privacy@touchincentive.com;
  • Do not exploit the vulnerability by, for example, downloading more data than is necessary to demonstrate the vulnerability, or by viewing, deleting, or modifying third-party data;
  • Do not disclose the vulnerability to others until it has been resolved, and immediately after the vulnerability has been patched, delete all confidential data that was obtained;
  • Do not use attacks targeting physical security, social engineering, distributed denial of service, spam, or third-party applications;
  • Please provide enough information to reproduce the vulnerability so that we can resolve it as quickly as possible. Usually, the IP address or URL of the affected system and a description of the vulnerability are sufficient, but more information may be needed for more complex vulnerabilities.

What we promise

  • We will respond to your report within 5 days. We will let you know whether or not it is a vulnerability we are not yet aware of;
  • If it is an unknown vulnerability, we will assess the risk and decide whether to implement the solution you have proposed. If so, we will keep you informed of the progress made in resolving the issue;
  • As a thank you for your help, we offer a reward of €25 for every report of a vulnerability previously unknown to us for which we decide to implement the solution you proposed;
  • If you have complied with the above conditions, we will not take any legal action against you in connection with your report;
  • We will treat your report confidentially and will not share your personal information with third parties without your consent, unless it is necessary to comply with a legal obligation. You may submit a report using a pseudonym. When communicating about the reported vulnerability, we will only credit you as the discoverer if you request it.

 

This policy applies exclusively to systems and websites owned or operated by Touch Network B.V. and its direct subsidiaries.

Vulnerabilities in third-party systems are not covered by this policy.

More information

Would you like to learn more about how we protect your privacy and ensure our security? If so, please read our Privacy policy.