We ask you to:

• Not share the vulnerability with any third parties until the vulnerability has been mitigated.
• Not engage in attacks on physical security, brute force attacks, social engineering, distributed denial of service, spam, or third-party applications.
• Not conduct any further research beyond what is strictly necessary to disclose the security risk to ilionx.
• Not abuse the discovered vulnerability.
• Provide sufficient information to allow us to resolve the issue.
• Permanently delete any potentially confidential information acquired during the investigation as soon as the information security risk has been addressed.

What you can expect from ilionx:

• We will respond to your report within three days with an assessment and an estimated resolution time.
• We will keep you informed of the progress.
• We will treat your report confidentially and will not share your personal information with third parties without your consent unless required by law or regulation.
• We cannot rule out the possibility of legal action in advance; this assessment will be made on a case-by-case basis. When the above requests have been fulfilled, the report will only lead to legal action in exceptional cases.
• As a token of our appreciation for your assistance, we will provide you with a reward for each security issue reported to us that we were previously unaware of. The size of the reward will be determined based on the magnitude/scope of the vulnerability and the quality of the report.

Thank you!