Responsible disclosure
We take the security of Maivas seriously, because Maivas holds the keys to our customers' marketing accounts. If you are a security researcher or a user and you find a vulnerability, we want to hear from you. Maivas is operated by Move Me Media Pty Ltd (ACN 699 626 385).
How to report
Email info@movememedia.com.au with:
- a description of the issue and where you found it;
- steps to reproduce it, or a proof of concept; and
- the impact you think it could have.
Please give us a reasonable time to investigate and fix the issue before you disclose it publicly.
Our commitment
- We will acknowledge your report within 5 business days.
- We will keep you updated as we investigate and work on a fix.
- We will not take legal action against you for a good-faith report that follows this policy.
- With your permission, we are happy to credit you once the issue is resolved.
Scope
In scope: the Maivas application and its APIs.
Please do not:
- access, modify or delete data that is not yours, beyond the minimum needed to demonstrate the issue;
- run attacks that degrade the service for others (for example denial of service), or use social engineering, spam or physical attacks;
- test the third-party platforms we integrate with (for example Meta, Google, Stripe); report issues in those to the platform directly.
Out of scope
Reports that are theoretical with no realistic impact, issues in third-party services we do not control, and findings from automated scanners without a demonstrated exploit.
Thank you for helping keep Maivas and our customers safe.