Security Policy
Logiq Consulting (hereafter referred to as: Logiq) is dedicated to maintaining the highest level of security for our systems and user data. This policy outlines our security measures and provides guidelines for the responsible reporting of vulnerabilities. We value the input of the security community to help us uphold our security standards.
Vulnerability Reporting Policy
We encourage the reporting of any security vulnerabilities discovered on our platform. To ensure responsible disclosure, please:
- Report details of any potential vulnerabilities to our security team at security@logiq.co.uk
- Allow us a reasonable timeframe to address the issue before any public disclosure.
- Refrain from activities that could lead to privacy breaches, data destruction, or service disruption during your testing.
Scope
In-scope assets include:
- All domains and subdomains under logiq.co.uk
- Web applications, mobile applications, and APIs provided by Logiq
Out-of-scope assets include:
- Third-party services and platforms that are not managed by Logiq
- Social engineering attacks (e.g., phishing)
- Physical attacks against our infrastructure or employees
Safe Harbour
We pledge not to pursue legal action against researchers who:
- Follow our vulnerability reporting guidelines and/or engage in testing within the scope defined above.
- Avoid intentionally harming the experience or privacy of our users, degrading our services, or exfiltrating data beyond what is necessary to demonstrate the vulnerability
Acknowledgement and Reward
Whilst we do not currently offer a bug bounty programme, we are happy to publicly acknowledge the contributions of researchers who report valid vulnerabilities, with their permission.
Confidentiality
We are committed to maintaining the confidentiality of all researchers. Personal information will not be shared with third parties without explicit permission, unless required by law.
Response Process
- Acknowledgement: We will acknowledge receipt of your report within 3 business days.
- Evaluation: Our security team will evaluate the report and respond with an initial assessment within 10 business days.
- Resolution: If the vulnerability is confirmed, we will work to remediate the issue as swiftly as possible. We will keep you informed of our progress and notify you when the issue has been resolved.
Policy Review
This security policy will be reviewed and updated on a regular basis to reflect changes in technology, threats and regulations. We will notify registered researchers of any changes by email.
Contact Information
Email: security@logiq.co.uk