Responsible Disclosure
At KeyPact, the security of our systems is very important to us. Despite our concern for the security of our systems, there may still be a vulnerability.
KeyPact is a secure sharing platform, focusing on the secure exchange of files, videos and photos in the B2B, B2C, C2B and C2C market.

Though we go through great lengths to ensure that our systems are secure, it can occur that one of these systems has a vulnerability unknown to.

If you have found a weak spot in one of the IT systems and/or the product software of KeyPact, KeyPact would like to hear this from you, so the necessary measures can be taken as quickly as possible to rectify the vulnerability.
To deal with the vulnerabilities in the KeyPact IT systems responsibly, we propose several agreements. You may hold KeyPact to when you discover a weak spot in one of our systems or products.

KeyPact asks you to:
E-mail your findings to
Provide sufficient information to reproduce the problem so that KeyPact can solve the problem as quickly as possible.
The IP address or the URL of the system affected, and a description of the vulnerability is usually sufficient, but more may be needed for more complex vulnerabilities.

Kindly do not submit vague unverifiable problems. For example: At KeyPact URL you can enter a phished username and password which could potentially be used to login to your system.

Leave your contact details so that KeyPact can contact you to cooperate on a safe result. At least, leave a valid e-mail address.
Report the vulnerability as quickly as possible after its discovery.

Do not share the information on the security problem with others until the problem has been solved.
Handle the knowledge on the security problem with care by not performing any acts other than those necessary to reveal the security problem.
Avoid in any case the following acts:
- Installing malware.
- Copying, changing or deleting data in a system (an alternative to this is making a directory listing of a system).
- Making changes to a system.
- Repeatedly accessing the system or sharing access with others.
- Using so-called "brute force" to access systems.
- Using denial-of-service or social engineering.

What you can expect:

If you comply with the conditions above when reporting the observed vulnerability in an IT system of KeyPact, KeyPact will not attach any legal consequences to this report!

KeyPact handles a report confidentially and does not share personal details with third parties without permission from the reporter, unless this is mandatory by virtue of a judicial decision.

In mutual consultation, KeyPact can, if you desire, mention your name as the discoverer of the reported vulnerability on our hall of fame.
KeyPact will send you a confirmation of receipt within one working day.

KeyPact responds within three working days to a report with an assessment of the report and an expected date for a solution.
KeyPact keeps the reporter up-to-date on the progress made with solving the problem.

KeyPact solves the security problems observed by you in an IT system or product as quickly as possible, but no later than within 60 days. In mutual consultation, whether and in what way the problem will be published, after it has been solved, is determined.

KeyPact offers a reward as thanks for help.
Depending on the seriousness of the security problem and the quality of the report, the rewards are financial benefits or gift cards up to maximum of USD 5.000 in gift vouchers or cheques.
It must concern a serious problem that is unknown to KeyPact.

MARCH, 16 / 2020
KeyPact Protection Protocol Ltd.
Hong Kong

Phone: +852 81917658
© 2020 KeyPact
Comming soon
KeyPact Protection Protocol Ltd.
Hong Kong

Phone: +852 81917658
© 2020 KeyPact