Security: raivo-otp/apns-server

Security

SECURITY.md

Security Policy

Effective date: August 2, 2023

Raivo ("us", "we", or "our") operates Raivo APNS (the "Service").

The key words "must", "must not", "required", "shall", "shall not", "should", "should not", "recommended", "may" and "optional" in this document are to be interpreted as described in RFC 2119 (Bradner, 1997).

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

This document outlines security procedures, policies and features for the Service.

Reporting a vulnerability

If you discover a security vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. If you find a security vulnerability in a third-party module that is in use by Raivo, please also report the vulnerability to the person or team maintaining the module.

The Raivo HackerOne program (currently a private program) is used to manage security vulnerabilities in Raivo. If you have discovered a vulnerability, please send a mail to the lead maintainer at https://mobime.org/contact/. You will then be invited to the HackerOne program so that you can report your security vulnerability.

The lead maintainer will acknowledge your report within 2 business days, and will send a more detailed response within 2 additional business days indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication of the problem after it is resolved.

Vulnerability disclosure policy

When the security team receives a security vulnerability report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:

  • Confirm the vulnerability and determine the affected versions.
  • Audit the code to find any potential similar problems.
  • Prepare a fix for the upcoming release or a dedicated release.
  • Publish the fix to the Apple App Store as soon as possible.

Data protection

ToDo

There aren’t any published security advisories