RESPONSIBLE DISCLOSURE POLICY

At MrD, we've built our business on the simple principle that our customers come first. We aim to keep our website, mobile site, and related software applications ("Website"), as well as the service offered on our Website ("Service") safe for everyone to use, and data security is of the utmost importance. If you have discovered a security vulnerability in our Website or Service, we encourage you to contact us and disclose it to us in a responsible manner.

When security vulnerabilities are reported to us in compliance with this policy, MrD will validate and fix such vulnerabilities as soon as reasonably possible, in line with our commitment to the privacy, safety and security of our customers. We will not take legal action against you or terminate your access to the Service if you discover and report security vulnerabilities responsibly in compliance with this policy. MrD reserves all of its legal rights in the event of any non-compliance with this policy.

If you are a current customer and observe any unauthorised activity occurring on your account, or suspect that your account might be compromised, please contact us at security@mrd.com so that it can be investigated by the relevant teams. For any other queries, please contact us here. Your issue will be investigated immediately and thoroughly.

Reporting a Security Vulnerability

If you think that you have found a security vulnerability in our Website or Service, please contact us immediately via security@mrd.com. When reporting a security vulnerability, you must do the following:

In-scope Findings

The following types of findings are in-scope and are of interest to MrD, on the mrdfood.com domain and its subdomains:

Out-of-scope Restrictions

At MrD, we welcome “white hat” security researchers, and appreciate your research and proactive responsible disclosure. Please note however that MrD does not permit you to do any of the following:

Contravening this Policy in any way may result in us suspending or terminating your access to the Website and Service, contacting the relevant authorities and/or pursuing any other remedies we have at law.

Non-qualifying Submissions

The risk and value of a vulnerability is determined by its impact and exploitability. If a vulnerability is not directly exploitable or does not lead to a significant threat, it will not form part of this Policy. The following types of disclosures are not part of this Policy:

These findings only become eligible in the event that a reasonable, exploitable attack chain is reported. Please note that, at the discretion of MrD, other findings may also be added to the list of non-qualifying submissions on a case by case basis.

Our Commitment

If you identify a security vulnerability in compliance with this Policy, MrDcommits to:

MrD does not run a bug bounty program, and thus does not offer any monetary rewards for any valid responsible disclosures. MrD will however provide certificates of appreciation for the first instance of an identified vulnerability, as mentioned above.