1. Purpose

At DigiMetics Limited, we take the security and privacy of our systems, users, and data assets seriously. This document provides guidelines for customers, partners, and security researchers to responsibly report potential vulnerabilities or security issues related to DigiMetics’ digital platforms, infrastructure, or services.

2. Scope

  • All DigiMetics websites, web portals, and customer-facing applications
  • APIs, databases, and backend systems operated or hosted by DigiMetics
  • Digital communication channels and assets owned or controlled by DigiMetics Limited

3. Responsible Disclosure Guidelines

  1. Act in good faith, respecting privacy and confidentiality.
  2. Avoid exploitation or public disclosure before DigiMetics has reviewed and resolved the issue.
  3. Refrain from disrupting DigiMetics systems, users, or services.
  4. Do not access or exfiltrate data that does not belong to you.

4. How to Report a Security Issue

If you identify a potential vulnerability, please contact our dedicated Security Response Team at:

Email: security@digimetics.com
Subject Line: Security Issue Report – [Short Description]

Include the following details:

  • Description of the vulnerability and potential impact
  • Steps to reproduce the issue
  • Supporting materials (screenshots, logs, or proof of concept)
  • Your name and contact information for follow-up communication
⚠️ Please do not include sensitive or personal data in your initial email.

5. Acknowledgment & Response Process

  1. Acknowledge receipt within 3 business days.
  2. Review and validate the issue internally.
  3. Provide status updates and timelines for resolution.
  4. Offer public credit recognition (with your consent) for verified responsible disclosures.

6. Legal Safe Harbor

DigiMetics will not pursue legal action against individuals who:

  • Report vulnerabilities in good faith,
  • Adhere to this disclosure policy, and
  • Refrain from data theft or system disruption.

7. Out-of-Scope Issues

  • Social engineering or phishing attempts
  • Denial-of-Service (DoS) or stress testing
  • Spam or fake email campaigns
  • Physical security concerns
  • UI/UX bugs or non-security-related software issues

8. Continuous Improvement

DigiMetics continuously enhances its cybersecurity controls, data protection measures, and incident response procedures to align with industry standards such as ISO/IEC 27001, PCI-DSS, and GDPR.

9. Contact

DigiMetics Limited
Carterton 5713, Wellington, New Zealand
📧 security@digimetics.com
🌐 www.digimetics.com