top of page
  • Facebook
  • Instagram
  • TikTok
  • Youtube
  • LinkedIn
We're still adding some finishing touches, but there's already so much to discover. Start exploring!
Image by Lucian Alexe

VARIANTZ
VULNERABILITY DISCLOSURE
POLICY

At Variantz, the safety and security of our customers’ data and the reliability of our products and services are our top priorities. Despite our best efforts to design secure systems, vulnerabilities may still exist due to the complexity of modern technology. This policy outlines how you can responsibly report potential security vulnerabilities in our systems.

We encourage customers, users, researchers, and partners to report any identified vulnerabilities or errors in our products and services. Your contributions help us improve the security and reliability of our offerings.

Scope

This policy applies to:

  • Our corporate website (www.variantz.com).

  • Mobile applications, APIs, and smart home devices developed by Variantz.

  • Any other digital platforms or services operated by Variantz.

Third-party systems or services not managed by Variantz are excluded from this policy.

How to Report a Vulnerability

If you discover a potential security vulnerability, please report it to us via email at whistle@variantz.com . Your report should include the following details:

  • A clear description of the vulnerability.

  • Steps to reproduce the issue.

  • Affected systems, URLs, or endpoints.

  • Supporting evidence (e.g., screenshots, logs, payloads).

  • Any additional technical information (e.g., CVSS score, impact analysis).

Please ensure that:

  • You do not exploit the vulnerability (e.g., access or modify data).

  • You do not share details of the vulnerability with others until it has been resolved.

Responsible Disclosure

We encourage responsible disclosure by asking you to:

  • Provide us with sufficient time to investigate and remediate the issue.

  • Refrain from publicly disclosing the vulnerability until it has been resolved.

Acknowledgment

While we appreciate your efforts in helping us improve our security, Variantz does not guarantee any acknowledgment, reward, or compensation for submitted reports. Submission of a report does not obligate Variantz to take any specific action, including correcting the reported vulnerability.

Legal Assurance

By submitting a report, you agree to the following terms:

  1. No Obligation or Liability:

    • Variantz does not owe you any reward, compensation, or acknowledgment for submitting a report.

    • Submission of a report does not create any contractual or legal obligation for Variantz to act on the reported vulnerability.

  2. Use of Information:

    • Variantz may use your report for any purpose deemed relevant, including correcting vulnerabilities or improving system security.

    • By submitting the report, you assign all intellectual property rights in the report and any attachments to Variantz at no cost.

  3. Ethical Conduct:

    • You confirm that you have not exploited or used the vulnerability in any manner (other than for reporting purposes).

    • You have not engaged in harmful activities, such as denial-of-service attacks, data theft, or unauthorized access.

    • You have not breached any applicable laws in connection with your report.

  4. Confidentiality:

    • You agree not to disclose any information related to your report, the vulnerability, or the fact that a report has been submitted to Variantz, without prior written consent from Variantz.

    • Breach of this confidentiality clause may result in legal action.

  5. No Harmful Actions:

    • You agree not to conduct any testing or research that could harm Variantz, its customers, employees, partners, or suppliers.

    • You agree not to test the physical security of any property, building, plant, or factory associated with Variantz.

  6. No Guarantee of Response:

    • While we appreciate all reports, Variantz does not guarantee a response unless further clarification is needed.

    • We will only contact you if we require additional details or wish to acknowledge your contribution.

Contact Us

For questions or to report a vulnerability, please contact us at:
Email: whistle@variantz.com

Global Recognition

From Singapore, all the way to the world stage, Variantz is honored to be recognized by both local and diverse international industry associations and standards body.

open parter program_edited.png
imda_logo_colour.png
2020 Best in Singapore Badge_edited.png
MediaOne - Top in Singapore Award.png
2018 Open Connectivity Foundation_edited.png
SGBC-T_edited.png
2018 OCEAN - Korea IoT Council_edited.png
bottom of page