Thank you for helping us improve the security of GIA’s systems and applications. We value the safety of our platforms and the protection of the data we manage. By submitting a vulnerability report, you agree to the following Terms of Use (“Terms”), designed to protect both you and GIA.
1. Safe Harbor
If you submit a vulnerability report to GIA in accordance with these Terms, GIA will not pursue civil action or report you to law enforcement for accessing our systems without authorization in order to identify the vulnerability. Safe harbor applies only if you comply fully with these Terms.
2. Submission Process
All vulnerability reports should be submitted by email to giadisclosure@gmail.com. Each report should include:
a. A description of the vulnerability
b. URL, IP address, port, or other details to locate the issue
c. Clear steps to reproduce the vulnerability, including logs, screenshots, or proof-of-concept code
d. How you discovered the vulnerability
e. Presumed impact
f. Suggested remediation steps (if any)
g. Your name and contact information
3. Scope
You may not access the systems, networks, applications, or data of any third party. Safe harbor does not apply to such activities.
4. Methodology
You must not engage in:
- Denial-of-service attacks
- Attempts to compromise physical security or enter physical premises
- Any destructive activities
Once a vulnerability is identified, testing must cease immediately and the vulnerability must be reported. Safe harbor does not cover violations of this section.
5. No Access to Personal Data or Misuse of Data
By participating, you represent that:
- You have not accessed personal data of GIA users or customers
- Any inadvertently acquired data has been securely deleted
- You will not misuse any data for fraudulent, malicious, defamatory, abusive, unlawful, or other improper purposes
6. Intellectual Property Rights
By submitting vulnerability information, you grant GIA a perpetual, worldwide, royalty-free license to use and disclose your submission, including proofs-of-concept, code, suggestions, or other materials, to analyze, remediate, improve our systems, incorporate into products or services, or conduct testing.
No intellectual property rights are granted to you in connection with any GIA content, systems, or submissions.
7. Sanctions
By submitting information, you confirm that you are not subject to any export restrictions or trade sanctions, including sanctions maintained by Cameroon, the U.S., or the European Union. This includes being part of a sanctioned entity or residing in a sanctioned country.
8. Independent Contractor
Submitting a vulnerability does not create an employment, partnership, joint venture, or agency relationship between you and GIA. You have no authority to act on behalf of GIA or make commitments for GIA.
9. Disclaimer of Liability
GIA, its officers, affiliates, employees, and contractors are not liable for any direct, indirect, incidental, special, or consequential damages related to these Terms. Submissions are made at no cost, and GIA owes no fee or compensation for your report or any work performed in connection with it.
10. Miscellaneous
These Terms are governed by the laws of the Republic of Cameroon, without regard to conflict-of-laws principles. You may not use GIA logos, trademarks, or other branding without prior written consent.
Encrypted submissions may be sent using GIA’s public PGP key, available on the Responsible Disclosure page of our website.
giacameroon.com 