PEAK 15

Cloud Software for Tour Operators, Adventure Travel Companies, Leisure Travel Agencies and DMCs

Responsible Disclosure Policy

Last Updated: 08 30 2024

PEAK 15 Systems is providing this service to help ensure a safe and secure environment for all users.

If external parties find any sensitive information, potential vulnerabilities, or weaknesses, please help by responsibly disclosing it to ResponsibleDisclosure@fullsteam.com.

This policy applies to PEAK 15 Systems hosted applications and to any other subdomains or services associated with products. PEAK 15 Systems does not accept reports for vulnerabilities which solely affect marketing websites (https://peak15systems.com), containing no sensitive data.

Security researchers must not:

  • engage in physical testing of facilities or resources,
  • engage in social engineering,
  • send unsolicited electronic mail to PEAK 15 Systems users, including “phishing” messages,
  • execute or attempt to execute “Denial of Service” or “Resource Exhaustion” attacks,
  • introduce malicious software,
  • execute automated scans or tools that could disrupt services, such as password guessing attacks, or be perceived as an attack by intrusion detection/prevention systems,
  • test in a manner which could degrade the operation of PEAK 15 Systems systems; or intentionally impair, disrupt, or disable PEAK 15 Systems systems,
  • test third-party applications, websites, or services that integrate with or link to or from PEAK 15 Systems systems,
  • delete, alter, share, retain, or destroy PEAK 15 Systems data, or render PEAK 15 Systems data inaccessible, or,
  • use an exploit to exfiltrate data, establish command line access, establish a persistent presence on PEAK 15 Systems systems, or “pivot” to other PEAK 15 Systems systems.

Security researchers may:

  • View or store PEAK 15 Systems nonpublic data only to the extent necessary to document the presence of a potential vulnerability.

Security researchers must:

  • cease testing and notify us immediately upon discovery of a vulnerability,
  • cease testing and notify us immediately upon discovery of an exposure of nonpublic data, and,
  • purge any stored PEAK 15 Systems nonpublic data upon reporting a vulnerability.

Thank you for helping to keep PEAK 15 Systems and our users safe!