Reporting a Security Vulnerability

Security Vulnerability Information

At Adevinta Real Estate, S.L.U. (hereinafter “the Company”) protecting our customers' data is extremely important to us. We greatly value the role security researchers play in helping keep our systems and information secure. To encourage responsible vulnerability disclosure, the Company's security team is committed to working closely with the research community. We will carefully investigate all legitimate vulnerability reports, recreate any confirmed issues, and work quickly to properly address them.

If you discover a potential security vulnerability in any the Company products or services, please report it to us right away. We will look into every credible report received and do our best to quickly resolve any validated vulnerabilities.

We ask that you do not publicly disclose your findings until we've had a chance to review and address the reported issues with you first. While we will consider reasonable public disclosure requests, the Company reserves the right to deny them. Your help in maintaining the Company's security is truly appreciated.

Responsible Disclosure Guidelines

To encourage responsible disclosure, the Company will not initiate legal action against security researchers for assessing vulnerabilities as long as they adhere to this policy, including:

• Notify the Company and provide all details through the HackerOne Vulnerability Disclosure Program form below.
• Only test accounts you own or have explicit permission for
• Do not access, modify or delete data that does not belong to you
• Do not engage with other users or employees, any action must be taken within test accounts under your control.
• Do not exploit vulnerabilities beyond what is needed to identify and report them
• Do not conduct denial of service, phishing, social engineering or physical attacks
• Do not conduct any testing on physical security of the Company premises, personnel, equipment, etc.
• Do not test third-party services that integrate with the Company
• Do not violate laws or disrupt services
• In submitting a security vulnerability report, you grant the Company permission to utilise the information contained in your report as we deem appropriate.

Public Acknowledgments Policy

Currently, the Company does NOT publicly disclose or maintain a list of security vulnerabilities reported by external parties or the individuals who reported them.

Privacy

For information on how the Company processes and safeguards personal data, please refer to our Privacy Policy available here.

Policy Changes

The Company reserves the right to terminate or modify this vulnerability disclosure program and policy at any time. Before conducting any security testing or taking actions based on this policy, please review the latest version here.