Vulnerability Disclosure Policy

We at Respiree Pte Ltd takes the security of our product seriously. This policy describes Respiree’s approach in managing vulnerability in its products and services.

How to submit vulnerability 

Please report vulnerability via email at sales@respiree.com or using the form https://www.respiree.com/contact-us/

Please provide your name, email address and mobile number so that we may contact you for clarifications. Include the name(s) and email(s) of other person(s) to whom you may have disclosed the suspected vulnerability

Provide adequate information so that we may work with you on validating the suspected vulnerability. Please include these details (where available) in English:

· Description of the suspected vulnerability

· IP address and/or URL of the subject service

· Products serial no. for the hardware and version no. of the subject software

· Description of the circumstances, including date(s) and time(s), leading to your reporting of the suspected vulnerability

· Description of the reason(s) why you believe the suspected vulnerability may impact the subject service and the extent of such suspected potential impact (e.g. describe how you believe the suspected vulnerability might potentially operate)

Upon receiving the vulnerability report, Respiree will:

· Acknowledge receipt of your suspected vulnerability report and notify the stakeholders of the suspected vulnerability within 5 business days from our receipt of your report.

· Contact you and the stakeholders to resolve any validated vulnerability within 90 business days from our receipt of your report

What NOT to do

· Act in any way which may contravene applicable laws and regulations

· Publish or publicly disclose any suspected vulnerability to any third party before it is resolved

· Deploy destructive, disruptive or other unlawful means to detect vulnerabilities

· Exploit, test or otherwise use any suspected vulnerability