Karen Thomasine, the security and integrity of our digital platforms and the data entrusted to us are of utmost importance. We appreciate your effort in helping us identify and address potential vulnerabilities within our systems.

 

By submitting a vulnerability report, you agree to the following Terms of Use, designed to protect both you and Karen Thomasine.

 

1. Safe Harbor

If you submit a vulnerability report in good faith and in full compliance with these Terms, we will not pursue legal action or report you to law enforcement for accessing our systems without authorization for the sole purpose of identifying the vulnerability.

 

2. Submission Process

Please send all reports to info@karenthomasine.com with the subject line “Responsible Disclosure Report.”

Each submission should include:

a. A clear description of the vulnerability

b. Relevant URLs, IP addresses, ports, or other identifying details

c. Detailed steps to reproduce the issue (including screenshots, logs, or proof-of-concept code)

d. Explanation of how you discovered the issue

e. The potential impact of the vulnerability

f. Suggested remediation steps

g. Your full name and contact information

 

3. Scope

This program applies only to systems and applications owned or operated by Karen Thomasine. You may not, under any circumstances, access or test systems, networks, content, or data belonging to third parties. The safe harbor does not apply to such activity.

 

4. Testing Methodology

You may not perform denial-of-service attacks, attempt to compromise physical security, or use any destructive or disruptive testing methods. Once a vulnerability is identified, all testing must cease immediately, and the issue must be reported through the process described above.

 

5. Personal Data and Misuse

You must not access, store, or use any personal data belonging to clients, users, or partners. If you inadvertently obtain such data, you must immediately and securely delete it. Under no circumstances may you use data from our systems for malicious, fraudulent, defamatory, or unlawful purposes.

 

6. Intellectual Property

By submitting a report, you grant Karen Thomasine a perpetual, worldwide, royalty-free license to use, adapt, or disclose any materials submitted (including proof-of-concept code, suggestions, or improvements) for the purpose of remediation, research, or improvement of our products and services. This does not grant you any rights to Karen Thomasine’s intellectual property.

 

7. Sanctions Compliance

By submitting information, you represent that you are not subject to any trade sanctions or export restrictions under the laws of the United States, the European Union, or other relevant jurisdictions, and that you are not acting on behalf of any sanctioned entity or individual.

 

8. Independent Status

Submitting a vulnerability does not create an employment, partnership, or agency relationship with Karen Thomasine. You are acting as an independent party, and you may not make representations or commitments on our behalf.

 

9. Liability and Compensation

Karen Thomasine, its affiliates, employees, and representatives are not liable for any damages arising from your participation in this program. All submissions are voluntary, and unless otherwise agreed in writing, no compensation or reimbursement will be provided.

 

10. Governing Law

These Terms are governed by the laws of the State of Delaware, United States, without regard to its conflict of laws principles.

 

11. Encrypted Communication

For sensitive submissions, please use our PGP key available upon request at info@karenthomasine.com to send encrypted messages.