Vulnerability Disclosure Policy

The safety and security of our stakeholders' data (including customers, employees, partners and suppliers), and the reliability of our products and services, are important to Iko Pte. Ltd. (Iko). Therefore, we aim to design and develop products and services with high levels of security and reliability. Despite our best efforts, due to the highly complex and sophisticated nature of our products and services, vulnerabilities and errors may still be present in our products and services.

This policy describes Iko's approach to requesting and receiving reports related to potential vulnerabilities and errors in its products and services.

Customers, users, researchers, partners and any other person that interacts with Iko's products and services are encouraged to report identified vulnerabilities and errors by using the form below.

Iko highly appreciates the efforts made by the reporting party in identifying the vulnerability or error. This will contribute to improving the security and reliability of our products and services.

Please note that supplying your contact information with your report is entirely voluntary and at your discretion. Iko will only use such information to clarify the details of your report with you, if necessary. For more information, please refer to the Privacy Policy.

Products and services in this policy refer to digital products and services provided by Iko through

• *.ikocorp.com
• *.dermamonitor.com
• *.dermamonitor.xyz

By making a report to Iko using the form below, or otherwise communicating a report to Iko regarding vulnerabilities and errors, you agree to the following terms:

• You confirm that Iko may use your report for any purpose deemed relevant by Iko, including without limitation, for the purpose of correcting any vulnerabilities and errors that are reported and that Iko deems to exist and to require correction. To the extent that you propose any changes and/or improvements to an Iko product or service in your report, you assign to Iko all use and ownership rights to such proposals.
• You confirm to Iko that:
  • You have not exploited or used in any manner, and will not exploit or use in any manner (other than for the purposes of reporting to Iko), the discovered vulnerabilities and/or errors.
  • You have not engaged, and will not engage, in testing/research of systems with the intention of harming Iko, its customers, employees, partners or suppliers.
  • You have not used, misused, deleted, altered or destroyed, and will not use, misuse, delete, alter or destroy, any data that you have accessed or may be able to access in relation to the vulnerability and/or error discovered.
  • You have not conducted, and will not conduct, social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks.
  • You have not tested, and will not test, the physical security of any property or building of Iko.
  • You have not breached, and will not breach, any applicable laws in connection with your report and your interaction with Iko's product or service that lead to your report.
  • You agree not to disclose to any third party any information related to your report, the vulnerabilities and/or errors reported, nor the fact that vulnerabilities and/or errors have been reported to Iko.
  • Iko does not guarantee that you will receive any response from Iko related to your report. Iko will only contact you regarding your report if Iko deems it necessary.
  • You agree that you are making your report without any expectation or requirement of reward or other benefit, financial or otherwise, for making such report, and without any expectation or requirement that the vulnerabilities and/or errors reported are corrected by Iko.