geo takes product and service security, trust, and transparency seriously. We value and appreciates the work that security researchers do to make the internet a better place and would like to make it as easy as possible to report vulnerabilities. This policy provides guidelines for reporting product security issues and vulnerabilities to geo .

Disclosure Policy: If you believe you have found a security vulnerability that could impact geo, geo products or users of geo products, we encourage you to let us know as quickly as possible. We will investigate all legitimate reports and do our best to quickly fix the problem. In return, we expect you to make a good faith effort to avoid privacy violations, destruction of data, service interruption or degradation of our services. Only interact with accounts and devices you own or where you have the explicit permission of the account holder or device/system owner/operator.

If you believe you have discovered a vulnerability in a geo product or have a security related incident to report, please email us to security@geotogether.com. geo requests that you give us a reasonable amount of time to resolve the reported issue before any disclosure to the public or a third-party.

geo has aligned it’s approach with that of CERT and undertakes to not subject parties conducting security research and reporting vulnerabilities in a responsible manner to potential criminal investigation and/or taking of legal action. The following activities will not benefit from this undertaking:

• Physical attacks against geo employees, offices, suppliers and service providers.
• Social engineering targeting geo employees, contractors, vendors, suppliers or service providers.
• Knowingly posting, transmitting, uploading, linking to or transmitting any malware.
• Pursuing vulnerabilities which send unsolicited bulk or unauthorized messages.
• Any vulnerability relating to information obtained through the compromise of a geo customer or employee accounts. If you need to test a vulnerability, please create an account or contact us to have one created for you.
• Denial of service and Brute Force attacks.
• Issues found through Content Spoofing or identified as a result of access to material supplied under a Non-Disclosure-Agreement

Information Security Officer

Dated: 22 October 2018