We kindly request the following:

• Please send your findings to  security@ideal.nl
• Do not exploit the issue, for example, by downloading more data than necessary to demonstrate the vulnerability, or by viewing, deleting, or modifying third-party data.
• Do not share the issue with others until it has been resolved, and delete any confidential information obtained through the vulnerability immediately after the breach has been fixed.
• Do not use physical attacks, social engineering, distributed denial of service (DDoS), spam, or third-party applications.
• Provide enough information to reproduce the issue, so we can resolve it promptly. Usually, the IP address or URL of the affected system and a description of the vulnerability suffice, but more complex vulnerabilities may require additional information.

Our commitments:

• We will respond to your report within two working days with our assessment and an estimated date for resolving the issue.
• If you adhere to the above conditions, we will not take legal action against you regarding the report.
• We will treat your report confidentially and will not share your personal data with third parties without your permission, unless it is necessary to comply with a legal obligation. You may also report under a pseudonym.
• We will keep you informed of the progress in resolving the issue.
• In our communication about the reported issue, we will credit you as the discoverer, should you wish us to do so.
• As a token of our appreciation, we offer a (symbolic) reward for each relevant report of a security issue that was previously unknown to us. The reward is determined based on the severity of the breach and the quality of the report.

We strive to resolve all issues as quickly as possible and would like to be involved in any publication about the problem once it has been resolved.