At FreshDirect, we are committed to maintaining the security of our systems and data. We believe that good security is critical to the trust of our customers, associates and suppliers. As such, we strive to continuously improve our security and welcome your help.
Enhancement of Data and System Security at FreshDirect
If you have found a weak spot in one of our systems, we would like to hear about this from you directly, so the necessary measures can be taken as quickly as possible to enhance system security. In order to enhance system security responsibly, we kindly ask for your help with the following.
- E-mail your findings to email@example.com.
- Provide sufficient information to reproduce the problem, so FreshDirect can address it as quickly as possible. The IP address or the URL of the system affected and a description of the findings are usually sufficient, but more information may be needed for more complex findings.
- Include your contact details so FreshDirect can contact you.
- Report your findings as quickly as possible after discovery.
- Do not share any information about the findings with any other party than designated associates at FreshDirect.
- Do not perform any acts other than those that are necessary to reveal the findings.
WE EXPECT YOU NOT TO:
- Install malware.
- Copy, change or delete data in a system (an alternative to this is to make a directory listing of a system).
- Make changes to a system.
- Repeatedly access the system or share access with anyone other than designated persons at FreshDirect.
- Use so-called "brute force" to access systems.
- Use denial-of-service or social engineering.
- Perform any action that might potentially disrupt FreshDirect's systems.
WHAT YOU CAN EXPECT:
- FreshDirect does not share your personal details with third parties without your permission, unless required by law.
- Your name will be mentioned in connection with the findings only after mutual consultation.
- FreshDirect will send you a confirmation of receipt as soon as reasonably possible.
FreshDirect offers a reward as thanks for your help. Depending on the seriousness of the findings and the quality of the report, the reward can vary from a t-shirt or a meet & greet with our IT security team, to a maximum of $300 in gift vouchers for a serious finding that was previously unknown to us.