Responsible Disclosure

At Aden Advisory, the security of our systems, data, and users is a top priority. We greatly appreciate responsible security researchers who take the time to report vulnerabilities, helping us continuously improve the safety and resilience of our services.
 

By submitting a vulnerability report, you agree to the following Responsible Disclosure Terms of Use, designed to protect both you and Aden Advisory.
 

Safe Harbour

If you act in good faith and submit a vulnerability report in accordance with these Terms of Use and the submission process outlined below, Aden Advisory will not initiate legal action or refer the matter to law enforcement for accessing our systems without authorisation for the sole purpose of identifying security issues.
 

Submission Process

Please report potential vulnerabilities to us and include the following information:
 

• A clear description of the vulnerability

• URL, IP address, port, or location of the affected component

• Detailed steps to reproduce (including screenshots, logs, or proof-of-concept code)

• How the issue was discovered

• The potential impact

• Recommended remediation (if applicable)

• Your name and preferred contact details
   

We encourage clear, concise, and complete reports to help us investigate efficiently.

Scope
 

You must not access or test third-party systems, networks, devices, applications, or data in connection with this program. The Safe Harbour outlined above does not apply to any activity involving non-Aden Advisory assets.
 

Testing Guidelines

When testing, please ensure that:
 

• You do not use denial-of-service, brute force, destructive, or disruptive methods

• You cease testing immediately once a vulnerability is confirmed

• You do not attempt to compromise physical infrastructure or facilities
   

Any violation of this section voids the protections offered under our Safe Harbour.

Personal Data & Responsible Conduct

You confirm that you have not, and will not:
 

• Access or collect personal information of Aden Advisory users or clients

• Store, copy, transmit, or use any sensitive data for unauthorised purposes

• Misuse any data for fraudulent, malicious, or unlawful activity
   

If personal or sensitive data is inadvertently accessed, you must immediately delete it and notify us in your report.
 

Intellectual Property Rights
 

By submitting a report, you grant Aden Advisory a perpetual, royalty-free, worldwide license to use, modify, and act upon any information you provide, including proofs of concept, code samples, or suggestions, for the purpose of improving our systems, services, and security posture. You do not gain any rights to Aden Advisory's intellectual property in return.
 

Sanctions & Compliance

By participating, you represent that you are not subject to export sanctions or restrictions under Australian, U.S., or EU law, and that you are not acting on behalf of any entity or residing in a country subject to such sanctions.
 

Independent Status
 

Your engagement with us under this program does not create any employment, agency, or partnership relationship. You are acting as an independent researcher, and you have no authority to speak or act on behalf of Aden Advisory.
 

No Compensation
 

Unless explicitly agreed in writing, Aden Advisory is not obliged to compensate you for any vulnerability report or related efforts. You acknowledge that all submissions are made voluntarily and without expectation of financial reward.
 

Limitation of Liability

Aden Advisory and its affiliates, officers, contractors, and employees shall not be liable for any direct or indirect damages arising from your participation in this program, including any lost profits or incidental consequences.
 

Governing Law
 

These Terms are governed by the laws of New South Wales, Australia, without regard to conflict of law principles. Any disputes arising under this policy will be resolved under Australian jurisdiction.

Encrypted Reports
 

If you prefer to submit your report securely, please contact us for our PGP public key.

We sincerely thank you for helping us improve the safety of our systems and protect our clients. Aden Advisory reserves the right to modify or terminate this policy at any time.