Security Policy

Introduction

We value the contributions of security researchers and the broader community in helping us identify and address potential security vulnerabilities. This policy outlines the guidelines for responsibly searching for, identifying, and reporting security issues related to our systems, services, and applications.

Scope

This policy applies to all services, websites, and applications owned and operated by Vatan Bilgisayar San. Tic. AS. Any systems or services explicitly marked as out-of-scope or belonging to third parties are not covered under this policy.

Guidelines for Security Researchers

Responsible Research: Perform testing only within the scope outlined above and avoid any actions that could disrupt services, compromise user data, or harm the experience of our users.
No Harm: Do not exploit vulnerabilities beyond what is necessary to confirm their existence. Avoid actions that degrade system performance, destroy data, or interrupt service availability.
Legal Compliance: Ensure all research complies with applicable local, national, and international laws.
Testing Methods: Use non-destructive testing methods. Automated tools should be used cautiously to avoid excessive load on our systems.

Reporting a Vulnerability

If you discover a potential security issue, please report it to us promptly by:

Emailing security@vatanbilgisayar.com.com with a detailed description of the vulnerability.
Including steps to reproduce the issue, your contact information, and any relevant screenshots or logs.
Allowing us a reasonable timeframe (at least 90 days) to address the issue before disclosing it publicly.

What We Promise

We will acknowledge receipt of your report within 10 business days.
We will investigate and work to resolve reported issues in a timely manner.
We will not pursue legal action against researchers who follow this policy in good faith.
Where applicable, we may offer recognition or rewards for significant findings (at our discretion).

Out of Scope

The following activities are explicitly prohibited:

Social engineering (e.g., phishing attacks against employees or users).
Physical attacks against our facilities or infrastructure.
Denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks.
Any activity that violates user privacy or data protection laws.

Contact

For all security-related inquiries, reach us at security@vatanbilgisayar.com.com.

Last Updated: March 28, 2025