Introduction

EverCharge Inc. is committed to the safety and security of our products for our customers. We welcome input from the security research community to improve our products and services. This policy outlines the rules of engagement with security researchers who wish to help us improve the security of our products and services.

Scope

This policy applies to the following products and services:

• EverCharge Inc. mobile applications
• EverCharge Inc. web applications
• EverCharge Inc. APIs
• EverCharge Inc. hardware

Authorization

If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized we will work with you to understand and resolve the issue quickly, and EverCharge Inc. will not recommend or pursue legal action related to your research. Should legal action be initiated by a third party against you for activities that were conducted in accordance with this policy, we will make this authorization known.

Guidelines

• Test only against your own accounts when investigating vulnerabilities.
• Do not engage in any activity that can harm EverCharge Inc. or its customers.
• Do not access or modify data that does not belong to you.
• Do not exfiltrate any data, establish command line access, or otherwise compromise the integrity of our systems.
• Do not conduct any denial of service testing.
• Do not conduct social engineering, including spear phishing, of EverCharge Inc. employees, contractors, or customers.
• Do not conduct physical testing such as office access (e.g. open doors, tailgating)
• Do not conduct any testing of third party applications, websites, or services that integrate with EverCharge Inc. products or services.
• Do not publicly disclose any vulnerabilities without express written consent from EverCharge Inc.

Reporting a Vulnerability

If you believe you have found a security vulnerability in one of our products or services, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem. Before reporting though, please review this document, including the scope of our vulnerability disclosure program, and make sure to follow the guidelines above.

To report a vulnerability, please send an email to security@evercharge.com. Your report should include the following information:

• Description of the location and potential impact of the vulnerability.
• A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures are all helpful to us).
• Your name/handle and a link for recognition in our Hall of Fame (if desired).

What to Expect

When you report a vulnerability, we will acknowledge your report within 3 business days. We will work with you to understand and validate the issue and determine next steps. We will keep you informed of our progress and notify you when the vulnerability has been fixed. We will also recognize your contribution in our Hall of Fame (if desired).

Compliance and Penalties

If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please submit a report through one of the reporting channels listed above before going any further.

We will take legal action against you if you:

• Violate or suggest violating any laws or regulations.
• Disrupt or degrade our services.
• Disclose a vulnerability to anyone other than EverCharge Inc. without our express written consent.
• Use tools or techniques that could harm EverCharge Inc. or its customers.
• Conduct physical testing such as office access (e.g. open doors, tailgating)
• Conduct any testing of third party applications, websites, or services that integrate with EverCharge Inc. products or services.

Verification of Compliance

We may verify your compliance with this policy at any time. If you have concerns about compliance, please submit a report through one of the reporting channels listed above before going any further.

Hall of Fame

Future home of our Hall of Fame.