Free Breath Assessment
Free Breath Assessment

Responsible Disclosure Policy

Recal Training is committed to ensuring the security of our services and protecting our customers’ information. The security of our systems is a top priority, and we believe that a strong partnership with the security research community is essential to achieving this goal.

If you have discovered a security vulnerability in one of our systems, we appreciate your help in disclosing it to us in a responsible manner.

Scope

This policy applies to the following systems and services:

  • www.recal.training
  • assessment.recal.training (if applicable)
  • Any other subdomains of recal.training

Out of Scope: Any services hosted by third-party providers (e.g., Mailchimp, Google Workspace, Basecamp) are outside the scope of this policy.

Guidelines for Responsible Disclosure

We ask that you act in good faith and follow these guidelines:

  • Do No Harm: You must not engage in any activity that could disrupt, damage, or compromise the integrity of our services or the data of our users. This includes social engineering, phishing, or denial-of-service (DoS) attacks.
  • Privacy: Do not access, modify, or exfiltrate any data that does not belong to you.
  • Confidentiality: Please keep any information about discovered vulnerabilities confidential between yourself and Recal until we have had a reasonable amount of time to resolve the issue.
  • Report Promptly: Report the vulnerability to us as soon as possible after discovery.

How to Report a Vulnerability

Please send a detailed report of the vulnerability to: info@recaltraining.com

Your report should include, at a minimum:

  • A clear description of the vulnerability and its potential impact.
  • The steps required to reproduce the issue.
  • Any proof-of-concept code, screenshots, or logs that can help us understand the issue.

Our Commitment (What to Expect)

When you report a vulnerability in accordance with this policy, we commit to the following:

  • We will acknowledge receipt of your report in a timely manner (usually within 3 business days).
  • We will work with you to understand and validate the issue.
  • We will work to remediate the vulnerability in a timely fashion.
  • We will not take legal action against you or ask law enforcement to investigate if you have acted in good faith and in accordance with this policy.

We appreciate the efforts of security researchers in helping us keep our community safe. Thank you for your contribution.