LEGAL

Security Disclosure Policy

Effective: January 2025  

 Last Updated: January 2026

Reporting a Security Vulnerability

If you believe you have discovered a security vulnerability affecting our website, applications, services, or infrastructure, please notify us as soon as possible.

Please submit all reports directly to our security team at security@safeholdlogistics.com
When reporting a vulnerability, please include:

  • A detailed description of the issue
  • The affected URL, application, or service
  • Steps required to reproduce the vulnerability
  • Proof-of-concept code, screenshots, or supporting evidence where appropriate
  • Your contact information for follow-up communication

Our Commitment

When you report a vulnerability in accordance with this policy, we will make reasonable efforts to:

  • Acknowledge receipt of your report within five (5) business days
  • Investigate the reported issue promptly and thoroughly
  • Provide updates regarding the status of our investigation where appropriate
  • Remediate confirmed vulnerabilities within a timeframe determined by risk and complexity
  • Recognise researchers who responsibly disclose valid security issues, where appropriate

Responsible Disclosure Guidelines

We ask that all researchers conducting security research:

  • Act in good faith and avoid privacy violations, data destruction, or service disruption
  • Avoid accessing, modifying, downloading, or deleting data belonging to others
  • Avoid actions that could negatively impact the availability or performance of our systems
  • Provide us with a reasonable opportunity to investigate and remediate vulnerabilities before public disclosure
  • Maintain confidentiality regarding the vulnerability until we have resolved the issue or mutually agreed on disclosure timing

Authorised Security Research

Activities conducted in accordance with this policy are considered authorised. We will not pursue legal action against individuals who:

  • Conduct security research in good faith
  • Comply fully with this policy
  • Avoid causing harm to users, customers, employees, or our systems
  • Promptly report discovered vulnerabilities to our security team

Out of Scope Activities

The following activities are not authorised under this policy:

Social engineering attacks against employees, contractors, or customers

Physical attacks against facilities or equipment

Denial-of-service (DoS) or distributed denial-of-service (DDoS) testing

Spam, phishing, or malicious communications

Automated scanning that materially impacts system performance

Accessing, modifying, or exfiltrating customer or employee data

Attempts to compromise third-party services not owned or operated by Safehold Logistics

CONTACT

For all security-related concerns, please contact our dedicated security team directly. Security Team

All vulnerability reports are handled with strict confidentiality and reviewed by our internal security personnel.

security@safeholdlogistics.com

Scroll to Top