Skip to content

Responsible Disclosure Policy

Introduction

Data security is a top priority for Enervee, and Enervee believes that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability in Enervee’s service, please notify us; we will work with you to resolve the issue promptly.

Disclosure Policy

  • If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at security@enervee.com. We will acknowledge your email within one week.
  • Please provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within ten business days of disclosure.
  • Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Enervee service. Please only interact with accounts you own or for which you have explicit permission from the account holder.

 

Exclusions

Enervee is providing this service to help ensure a safe and secure environment for all of its users. As such, any users believed to be engaging in the below activities will have their user credentials immediately deactivated.

While researching, we’d like you to refrain from:

  • Denial-of-Service (DoS)
  • Spamming
  • Social engineering or phishing of Enervee employees or contractors
  • Any attacks against Enervee’s physical property

This policy applies to the Enervee Application hosted at choose.enervee.com and to any other subdomains or services associated with the Enervee application, including our client domains who run our white-labeled application under their domain name (usually something like marketplace.their-domain-name.com). We do not accept reports for vulnerabilities solely affecting our marketing website (www.enervee.com) which contains no sensitive data.

 

Red Team Rules of Engagement

If you want to conduct red teaming against Enervee you will need written permission upfront by emailing security@enervee.com.

You need to get a written authorization letter from our CTO. While you are engaged in red teaming activities you should coordinate with the Security Team so escalation (law enforcement, etc.) can be avoided. The Security Team will notify the Infrastructure Team as well as the VP of Engineering so that awareness is maintained.

 

Public GPG Key

  • Enervee Security <security@enervee.com>
  • ID: 76BB1423
  • Fingerprint: 4D7D E529 5F7A 815A 8899  55B7 4DAA 9C0E 76BB 1423
  • -----BEGIN PGP PUBLIC KEY BLOCK-----

    mQINBGQBAuEBEADJYxXxTpVPLOgNKGA0iHNfrAY79s3WFV+kypS3S9Iq7TmgcEJy
    T30xfMuNOBjsywkoD2vu7f2NFcKBmeteguZCbIsiykOR1+p66avBmhTqptns+5m9
    1hL7TwqZW4Oa2vPeK8CZ2xW9D4bKCskTAzYvfxN1aBCISGplfGMmgCmLPMhsMGez
    /Csu0Z9+kkOUl3MQxfy3o8CYp3UnOrSo9lIVGvNqnH5YWcFdQrYsvdq9oAklFVT0
    oc/VpNpFQjJj+Q8Qod5OI+cXTGp4ZZD/IGLIljrJMCSDlt9laxp6OdDwv+ltrXC9
    xVVWVtEreg4O72NT1bS6qpxuDrWRGz6ErdDUCnW5UI/QfOjLEyVBLsnSQMLhYc3y
    aByf/Xuj+IHAj6oA2kWF+Rkf4LGjoVbQ2iCUfZDkDLmBxMc5ahrznl8xLTBZkAzl
    xrucR3fEyyTAtxo7MTn/J1M6R478A3E8hJp37xE1JbWvEbRVoJeVui0EPmfJwTte
    J8KIVnDYmWmUIR6lgqQ07vRahDz0hWdTd52Y6UEEgW8Jo9IlByiJJGF0Op+5Q7ca
    ltLIla1pn0VZmryie9bHd40VucfX739P5HZTxiQ+Z9tBGIyqisjUtwvwOYsRGruQ
    CSfpDYoBZJnNcmXZ4LRoKlQ/PxBigof7q/f3nRbYRJCPrZmwmLsNvw2hlQARAQAB
    tCdFbmVydmVlIFNlY3VyaXR5IDxzZWN1cml0eUBlbmVydmVlLmNvbT6JAlQEEwEI
    AD4WIQRNfeUpX3qBWoiZVbdNqpwOdrsUIwUCZAEC4QIbAwUJB4YfMwULCQgHAgYV
    CgkICwIEFgIDAQIeAQIXgAAKCRBNqpwOdrsUI3CmEACP/2eT7GG0TDCd96SN5oa3
    PiKBToRi6V4FdsjzuF+4kc45wbryrzbSjRg1/tyI54qgzC2adcVq07ivHSpJy3DC
    5i6Yct814ik5K1NgZ1aE3WyFKgg+mVzokhQKDDeoPqEsj6Orn3JK7B7GOa7zCX4q
    7AkahJEvkC1Gje6jXJE/66Pdrsj1GJIigOa2cyfr0zjx56tcMD0b5cWLZqyKmrUC
    8UQz2E44bf/0aH9AA4hedjJCbjALZRXcTrlxg0Y3EQfi9HOvpVuBYGqE+8FOsE3Y
    Mtork9Nb+4Y56HKb21gkEVirM+0KwjGfbI+/6e1T9mNao2PCfqoLGuomNCk64mQQ
    nUq03NEJiY8cJ8uY1x+3MB+hNA9IM3ADYMdEAIDtKllJ90L+tEQtw5WUG95NVlou
    hYlSJ/rE07GR9O9iJkCT/7Auas+fwwHQIDjkeU+LygESG5zW3yKWzXiVR4OJrbhc
    jK3zBHpWha76MHTbfLIJT8tCRCQlsjL2d5NrThvlI2ynpsEJtqiMh4KK0W/0BdRm
    ryaI3fxDdf4Z9rlnE+fK3reA9WWxNdyFju9B/zMVt5aeCUaAbkOCSreg6AVH02n+
    MOLjKJyC9E2Dl5O/48fzGtaocTGoBsc3bOBCRPgzlZRJ01zPCq1O/kcv7X0PCB0x
    TwJoPAuT3NRF34oJmwaWFLkCDQRkAQLhARAAq1CZ2aVtBvJptupKoDjiJ+ClWG4f
    3lV6Oii1HV2ZKOYNh+MG3SibbW2e3177Op4KiANYZsfXqDXKyGQ6JKPjZg9QAG8N
    Eoc81HFyZ/YB8bnu1eQEJs0Qsr0EOZRelCUQ66PxNBWgvLXVNHLZkeU8ArZ8Pdt/
    v4tf78VHIPd9fAEXl/YAb6zfqe/pVduUMd8wmTzK82mPM0ctNSYegD1kIvHsiQUb
    lG5nFtSLY9XWg6BmebeiSpGu5n57G+NeZElFYEpg0M2YF28n+QRojGmhKQ5VeibB
    4Fx4d0MxJFoOPnNWwhWInn9jRcPKVDQGRl+5rXjK7lJ2BkfRUaArB2JdwXWGLaYY
    HEhDJ/1mFGQHYR60NMEUGdcbL5TNsLfPBGdrvV0TrvKRjVxYq60/3c5InQAEeT0S
    JbHChNoEGqpDFfvNlEu7tGRGs+pvF13G7XkzYl13PeBp6r2uQywKWllevdXpVAO5
    2L0abRfbQH7SrqId+8JYI8tJcX6Vqj3DMTeQE0ACJbJrgqMRAYk2qD/NBPR7/2Qv
    1AXrjMiksNiA/po9grRXyfB4FuaVO7LsTmgHnY8PyaStwrZykYKfnVl1xk8tudM1
    Q9qjKA51Vg798Tt2drNZVL+vdoHpF7XcG3IltedrQ26zyYM9c2Ux6wdiLpF5pwK+
    lXbZhXz/6Nkfbg0AEQEAAYkCPAQYAQgAJhYhBE195SlfeoFaiJlVt02qnA52uxQj
    BQJkAQLhAhsMBQkHhh8zAAoJEE2qnA52uxQjotAP/RS1ybGcSj/6p/RPMmppNebn
    O+yB/mJPcL6pqIHFkhE9MmfEDv5d7Zc7h6RDh2Qz5VM8md/QmRGr2OZWJxiYCm3r
    N5CdRM9M3ohM7Peo6p4NyzswOUTN2bxicNnZtUeSis9jjOweMB4/dz3Bb+ai+Gr2
    1Y69yNxSHeM0lpRENyIFSx1eoZWXFdlsuD88+bWhHTuX7uyzVoWfaftjnBqcm+0u
    qBf/lK5yK0Gqm0WFNT5gXKF6ZGXbAs1KIboOdE2sjLnR5dQWl1HS9t5rTAPgxJ+r
    1aZVm6rzRiw78ZLz44NGFrPBYBznlW7CVdJRbnOaIw+2MeOjgz4qx/M17pKIAKhL
    tmLr2N6oGi+zT3ghsA2/4sCtBLtYAL0umxkRHzTrQmvU7O8tV81Co5Pnwq/9usLM
    knPnqQ6Bry0BFTTXOvtX6XvMFa0YM5Lhba308vL08WbGh14kE73XfmYWSqPScMwO
    1Qn5hc+SG/azqBwneD/nOw7chsrf2+GABbWakztE8H3F49j/nuELT34jQ7NuUl7F
    AQLOr/ChIKV/Av7Nt7srWacNDbWA+cjPY+GrhOl/Fj2+qIXycRmqSG2I0wwUsz9y
    m/0Umrlvf+QFsnF9ZuyRO+hv7Q4BUUdY4pIpvqgRtNqsiiQtmCNPKyIcxnwOIaMP
    xr7R2k9NCMBRHua6RXkc
    =Vn3T
    -----END PGP PUBLIC KEY BLOCK----

 

Contact

Enervee is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at security@enervee.com.

Thank you for helping to keep Enervee and our users safe!