Tokocrypto is committed to ensuring the security of our customer's data and the reliability of our products and services. This policy aims to provide clear guidelines for security researchers in conducting vulnerability discovery activities and reporting.
Restricted Actions
This section lists actions that are not authorized. Performing any of them will constitute a violation of this policy:
- Breach of Tokocrypto’s Terms and Conditions, any applicable laws and regulations in connection to, and leading up to your report.
- Denial of Service (DoS) or other actions that degrade, damage, delay, or interrupt Tokocrypto services.
- Exploitation of any vulnerabilities found by Tokocrypto.
- Social engineering, spamming, phishing, Denial-of-Service (DoS), or resource-exhaustion attacks.
- Testing the physical security of any property, building, plant, or facility of Tokocrypto.
- Leaking, modifying, destroying, or misusing any user data or system files of Tokocrypto.
Reporting
Tokocrypto highly appreciates the efforts made by the reporting party in identifying vulnerabilities or errors that occur in Tokocrypto. The reporting party will submit a report (“Report) detailing vulnerabilities and errors which will contribute to enhancing and improving the security and reliability of our products and services.
The preferred method for contacting Tokocrypto regarding security vulnerabilities is by using the form provided on this page.
By submitting a Report, you expressly agree to the following terms and undertake that:
- You assign all usage and ownership rights of the report to Tokocrypto.
- Your actions and interactions with Tokocrypto leading up to the Report are not in violation of any applicable laws, regulations and Tokocrypto’s Terms and Conditions.
- You have no intention of harming Tokocrypto, its customers, employees, partners, vendors, or suppliers and your primary purpose in attempting to identify vulnerabilities or errors is solely for the benefit of Tokocrypto, and not for the purpose of hacking or attempting to breach the system on the Tokocrypto’s platform.
- Tokocrypto is not liable for anything related to the Report you submit to Tokocrypto, and the Report will not cause any harm to Tokocrypto in any way.
- You agree not to disclose any information regarding the report, the vulnerability described within, or the fact that you submitted a report to Tokocrypto or any other information obtained in connection with Tokocrypto’s platform and services.
- You agree that the report is made in good faith, with no expectation of rewards, monetary or otherwise, from Tokocrypto.
Target
In scope :
- *.tokocrypto.com
- *.tcdx.id
- Tokocrypto Website
- Tokocrypto App for Android
- Tokocrypto App for iOS
Out of scope :
Reward
- P0 - Critical : IDR 20 - 30 Million
- P1 - High : IDR 10 - 20 Million
- P2 - Medium : IDR 5 - 10 Million
- P3 - Low : IDR 1 - 5 Million
Contact Information
Providing your contact information along with your Report is entirely voluntary and at your discretion. This does not guarantee that you will receive any responses from Tokocrypto regarding your Report. Tokocrypto may contact you about the content of the Report at its own discretion.
Additionally, Tokocrypto will process your contact information in accordance with Tokocrypto’s Privacy Policy. By filling in and submitting your contact information to Tokocrypto, you agree for your contact information to be processed in accordance with Tokocrypto's Privacy Policy.
