• Not pursue civil or criminal action against you.
• Not report your actions to law enforcement, provided your access was solely to identify the vulnerability and was limited in scope.

This Safe Harbor applies only if your activities are conducted responsibly, lawfully, and in accordance with these guidelines.

ResponsibleDisclosure@sebleu.com

Your report should include, where possible:

• (a) A clear description of the vulnerability
• (b) The affected domain, URL, IP address, or endpoint
• (c) Step-by-step instructions to reproduce the issue (including logs, screenshots, responses, or proof-of-concept code)
• (d) Details of how the issue was discovered
• (e) The potential or presumed impact
• (f) Any suggested remediation or mitigation
• (g) Your name and preferred contact information (optional)

Please do not include any sensitive personal data in your initial message.

You may not attempt to access or interfere with:

• Any user, customer, or third-party data
• Systems, applications, networks, or infrastructure not owned or operated by Sebleu
• Any third-party integrations not explicitly authorized under this program

Safe Harbor does not apply to activities involving systems or data outside of Sebleu’s direct control.

You must not:

• Conduct denial-of-service (DoS or DDoS) attacks
• Attempt to compromise physical infrastructure or enter Sebleu premises
• Use phishing, social engineering, or impersonation techniques
• Engage in destructive or disruptive behavior during testing

Once a vulnerability is confirmed, you must cease testing and report it immediately. Violation of this section invalidates Safe Harbor protection.

By submitting a report, you confirm that:

• You have not accessed, stored, or retained any personal data belonging to Sebleu’s users, clients, or partners
• If personal data was inadvertently accessed, you have immediately and securely deleted it
• You will not collect, share, publish, or misuse any data obtained during testing for any unlawful, fraudulent, or harmful purpose

Responsible Disclosure Program Clause:

Participation in this program does not authorize you to extract, copy, store, share, or otherwise use any content or data from Sebleu’s website, platforms, or infrastructure beyond what is necessary to identify a security flaw. All activity must comply with these Terms and relevant data protection laws.

By submitting a vulnerability or related information, you grant Sebleu a perpetual, worldwide, royalty-free license to use, adapt, disclose, and apply the information for legitimate business and security purposes, including:

• Investigation and remediation
• Improvement of systems, services, or infrastructure
• Research, analysis, or internal training

This includes code samples, screenshots, logs, or written explanations. You do not acquire any rights to Sebleu’s intellectual property.

By participating, you confirm that:

• You are not subject to any export or trade sanctions under the laws of Singapore, the United States, or the European Union
• You are not located in, or a national of, a restricted or embargoed country
• You are not listed on any government sanctions or prohibited persons list

Sebleu and its affiliates, directors, employees, and contractors are not liable for:

• Any damages or losses (direct or indirect) related to your participation in this program
• Any fees, expenses, or services performed unless explicitly agreed to in writing

This program is voluntary. Submitting a report does not entitle you to compensation or rewards.