Responsible Disclosure Policy

Pocketbook aims to keep its services safe for everyone, and security is of utmost priority. If you are a security researcher and have discovered a security vulnerability in our service, we appreciate your help in disclosing it to us in a responsible manner. A ‘responsible manner’ means within 5 days of initial discovery of the vulnerability following the instructions below.

Please contact us by sending an email to security@getpocketbook.com if you have identified a potential security vulnerability with one of our services. After your incident report is received, the appropriate personnel will contact you to follow-up.

To ensure confidentiality, you should encrypt any sensitive information you send to us via e-mail. We are equipped to receive messages using PGP encryption. A copy of the certificate that can be used to send encrypted email can be downloaded below.

The security@getpocketbook.com email address is intended ONLY for the purposes of reporting security vulnerabilities or security inquiries relating to the service. Should you have any general technical or customer support inquiries about the Service, please visit our Help Centre or email us at hello@getpocketbook.com.

Scope

The scope of this Responsible Disclosure Policy extends to any applications or website owned by Pocketbook, including but not limited to:

  • https://getpocketbook.com/ website
  • ‘Pocketbook’ mobile application
  • ‘Tax Return by Pocketbook’ mobile application
  • ‘Pocketbook Tax Calculator’ mobile application

Eligibility

In order for your submission to be eligible:

  • You must agree to our Responsible Disclosure Policy.
  • You must be the first person to responsibly disclose an unknown issue.

All legitimate reports will be reviewed and assessed by Pocketbook to determine if it is eligible.

A monetary reward may be offered at our discretion.

If you have any questions or concerns – please get in touch with us at hello@getpocketbook.com and we’ll be happy to help.