Vulnerability Disclosure Policy - Square DTF

Vulnerability Disclosure Policy

Effective Date: March 01, 2026

1. Introduction

Square DTF is committed to protecting the security and privacy of our customers, partners, and systems. We value the contributions of security researchers in helping us identify and address potential vulnerabilities.

This policy outlines the guidelines for responsibly conducting vulnerability research and reporting findings to Square DTF.

2. Compliance

If you act in good faith and comply with this policy, Square DTF will not pursue legal action or refer your activities to law enforcement.

Any ambiguities will be resolved in favor of ethical and responsible research.

3. Requirements

  • Notify us promptly upon discovering a vulnerability
  • Avoid privacy violations, service disruption, and data loss
  • Only test to confirm the existence of a vulnerability
  • Do NOT access, modify, or delete data
  • Do NOT establish persistent access or pivot to other systems
  • Stop testing immediately if sensitive data is encountered and report it
  • Do not disclose vulnerabilities publicly without written consent

4. Prohibited Test Methods

  • Denial of Service (DoS/DDoS) or stress testing
  • Accessing accounts or data that do not belong to you
  • Sending spam or unsolicited messages
  • Social engineering or impersonation
  • Physical security testing (trespassing)
  • Uploading or distributing malicious software
  • Testing third-party systems not owned by Square DTF

5. Scope

This policy applies only to:

  • Square DTF website
  • Official web applications owned and operated by Square DTF
Out of Scope:
  • Internal systems and infrastructure
  • Third-party platforms or integrations
  • Cloud services not directly managed by Square DTF

If you believe a vulnerability exists outside this scope, please contact us before proceeding.

6. Reporting a Vulnerability

How to Report

Send reports to:
Reports may be submitted anonymously.

What to Include

  • Detailed description of the vulnerability
  • Steps to reproduce
  • Affected URLs or systems
  • Proof of concept (screenshots, scripts, etc.)

What You Can Expect

  • Acknowledgment within 5 business days
  • Follow-up for clarification if needed
  • Efforts to resolve the issue appropriately

Note: Square DTF does not offer a bug bounty or financial rewards.

7. Policy Updates

Square DTF may update or terminate this policy at any time. Please review periodically for changes.

8. Questions & Feedback

For any questions or suggestions, contact:

© 2026 Square DTF. All rights reserved.
Search
Search

Select Currency

{CC} - {CN}
Cancel