Responsible Vulnerability Disclosure Program – Solarbit Ltd (UK)

At Solarbit Ltd, we take the security of our systems, infrastructure, and user data very seriously. If you believe you have discovered a potential security vulnerability affecting any part of the Solarbit platform or services, we encourage you to report it to us promptly and responsibly under this disclosure program.

We are committed to working with the security community to investigate, verify, and address any legitimate vulnerabilities in a timely and transparent manner. To protect our users and systems, we ask that all reports remain strictly confidential until we have resolved the issue.

We will not pursue legal action or restrict access to our platform for individuals who identify and report vulnerabilities in good faith and in accordance with this policy. However, Solarbit Ltd reserves all legal rights in the event of any non-compliant activity.

Capitalized terms not defined in this program have the meaning given in our Terms of Service and Privacy Policy.

Acceptable Security Research

We support responsible security research into Solarbit’s infrastructure. You are authorized to conduct testing only on services and systems you have legitimate access to. Under no circumstances may your activity include:

  • Accessing, or attempting to access, accounts, wallets, or data not belonging to you
  • Modifying, deleting, or corrupting any data or system resources
  • Performing denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks
  • Sending spam, phishing messages, or other unauthorized communications
  • Testing third-party platforms or services integrated with Solarbit
  • Uploading, injecting, or transmitting malicious software or code
  • Violating any applicable laws or regulations

Out-of-Scope Issues

We ask that you do not report the following issues unless you believe they involve a valid, exploitable vulnerability:

  • CSRF on public, unauthenticated forms
  • Disclosure of public files or directories (e.g. robots.txt)
  • DNSSEC or SPF configuration recommendations
  • Standard banner information on public services
  • Lack of Secure or HttpOnly flags on non-sensitive cookies
  • Logout CSRF
  • Use of browser autocomplete or password save features
  • Phishing or social engineering methods
  • Physical security vulnerabilities

Reporting Security Vulnerabilities

If you believe you have identified a security vulnerability, please contact us by completing the appropriate form or emailing security@solarbit.tech with a clear and complete description of the issue.

Upon receiving your report, Solarbit will:

  • Acknowledge receipt within two business days
  • Provide an estimated timeline for verification and resolution
  • Inform you once the vulnerability has been addressed

Please do not submit any proprietary or confidential information. Any materials submitted will be treated as non-confidential and non-proprietary. By submitting, you grant Solarbit Ltd a perpetual, irrevocable, royalty-free license to use, reproduce, modify, disclose, and distribute the content of your report for the purposes of improving platform security and functionality.

Thank you for helping us maintain a secure environment for our users and the broader community.