The safety and security of my clients and partners’ data, and the reliability of my services, are of utmost importance to me.

This policy describes my approach to requesting and receiving reports related to potential vulnerabilities and errors in its systems from customers, users, researchers, and any other person interacting with my systems. are encouraged to report identified vulnerabilities and errors.

The preferred method for contacting me regarding such vulnerabilities and errors is by using the dedicated email address security@issadiallo.link.

I highly appreciates the efforts You made in identifying the vulnerability or error. Reporting of such vulnerabilities and errors will contribute to improving the security and reliability of my systems and services.

Please note that supplying your contact information with your report is entirely voluntary and at Your discretion. I will make use of all reports that are submitted; both those submitted anonymously and those with contact information. If You do submit Your contact information, I will only use such information, in accordance with its legitimate interest to get in touch with you regarding clarifying the details of your report, if that is necessary. Therefore, Your personal data will be kept only as long as necessary for the purposes priorly listed.

By making a report to me using the email address above on this page, or otherwise communicating a report to me, regarding vulnerabilities and errors, You agree to the following terms:
I may use your report for any purpose deemed relevant by me, including without limitation, for the purpose of correcting any vulnerabilities and errors that are reported and that I deems to exist and to require correction. To the extent that You propose any changes and/or improvements my services and systems in your report, You assign to me all use and ownership rights to such proposals.

You confirm to me that:

• You have not exploited or used in any manner, and will not exploit or use in any manner (other than for the purposes of reporting to me), the discovered vulnerabilities and/or errors;
• You have not engaged, and will not engage, in testing/research of systems with the intention of harming Sodexo, its customers, employees, partners or suppliers;
• You have not used, misused, deleted, altered or destroyed, and will not use, misuse, delete, alter or destroy, any data that You have accessed or may be able to access in relation to the vulnerability and/or error discovered;
• You have not conducted, and will not conduct, social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks;
• You have not breached, and will not breach, any applicable laws in connection with your report and your interaction with my product or service that lead to your report.
• You agree not to disclose to any third party (including but not limited to fellow researchers, colleagues, companies, governments)any information related to your report, the vulnerabilities and/or errors reported, nor the fact that vulnerabilities and/or errors have been reported to me.
• I does not guarantee that You will receive any response from me related to your report. Sodexo will only contact you regarding your report if i deems it necessary.
• You agree that You are making your report without any expectation or requirement of reward or other benefit, financial or otherwise, for making such report, and without any expectation or requirement that the vulnerabilities and/or errors reported are corrected.