Security Policy

1. Introduction

At Nubes, we take the security of our users' information seriously. Despite our efforts, vulnerabilities may exist. We encourage ethical security researchers to report findings regarding our systems and web application (x.perfectflow.online) responsibly.

2. Scope

This policy applies to perfectflow.online and associated infrastructure.

Out of Scope: Third-party services, social engineering (phishing) of staff, or physical security attacks.

3. Rewards and Compensation

Nubes does not currently offer a bug bounty program or monetary rewards for vulnerability disclosures.

We appreciate your efforts to improve our security and will acknowledge your contribution by a personalised (email) response.

4. Reporting Guidelines

• Email your findings to security@nubesbv.nl
• Provide a clear, detailed report including steps to reproduce the vulnerability
• Do not disclose the vulnerability publicly or to any third party before we have remediated it and agreed to the publication

5. Rules of Engagement ("Do No Harm")

Researchers must:

• Only test against accounts they own
• Do not access, modify, or delete data belonging to other users
• Do not cause a disruption of service (DDOS)
• Limit testing to what is necessary to demonstrate the vulnerability

6. Safe Harbor

If you make a good faith effort to comply with this policy, we will not initiate legal action against you, nor will we report you to law enforcement, regarding your research.