TradeCheck Vulnerability Disclosure Policy
Provider: TradeCheck (NZ) Limited Security contact: feedback@solisai.co Effective date: 20 February 2026 Last updated: 20 February 2026
This policy explains how to report suspected security vulnerabilities in TradeCheck.
1. Reporting channel
Send vulnerability reports to feedback@solisai.co.
Include, where possible:
- affected URL, endpoint, or component,
- reproduction steps,
- expected vs observed behavior,
- potential impact,
- proof-of-concept details that are safe and minimal.
2. Good-faith testing expectations
We ask researchers to:
- act in good faith,
- avoid privacy violations, data destruction, or service disruption,
- avoid social engineering, phishing, or physical attacks,
- avoid denial-of-service or stress testing on production systems,
- stop testing and report promptly once a vulnerability is confirmed.
3. Safe handling requirements
Do not publicly disclose vulnerability details until TradeCheck has had a reasonable opportunity to investigate and remediate.
4. Response process
TradeCheck will make reasonable efforts to:
- acknowledge receipt,
- assess severity and impact,
- communicate status updates where practical,
- deploy remediation based on risk and priority.
5. Legal boundary
This policy does not grant permission for unlawful activity, unauthorized access, or access beyond systems you own or are authorized to test.
6. Scope changes
Disclosure scope and process may be updated over time. Current policy is published in the TradeCheck legal library.