CYBER SECURITY

At ARCTORA LIMITED, safeguarding the safety and security of our customers is our paramount priority. Notwithstanding our diligent efforts to implement robust security measures, vulnerabilities may persist in our products, services, or systems. If you have identified any vulnerabilities, we strongly urge you to report them to us so that we can promptly remediate them.

SCOPE

Reports are eligible for evaluation if they pertain to websites, services, or vehicles associated with ARCTORA LIMITED. The assessment process encompasses a comprehensive review of the provided information, ensuring adherence to established guidelines and protocols. Thorough scrutiny is undertaken to maintain the highest standards of accuracy and integrity within the industry.

 

VULNERABILITY DISCLOSURE PROCESS

To report a potential security vulnerability, please contact the responsible disclosure team at service@arctora.com.

 

VULNERABILITY REPORTING GUIDELINES  

1.Indicate the time and date of vulnerability discovery.

2.Provide the Product Model and number, as well as all known software version numbers.

3.Furnish a detailed description of the vulnerability to enable reproduction, including utilized tools, targets, processes, and results. Also, enclose the artifacts employed for discovery.

4.If available, propose a correction for the vulnerability. Refrain from accessing any data, whether personal or non-personal, that is not explicitly assigned to you or without prior consent.

5.Abstain from engaging in any activities that could cause harm to yourself or others, or lead to potentially hazardous situations, such as tampering with vehicles while in operation.

 

ACKNOWLEDGEMENT AND RESPONSE

We endeavor to respond to your report with an initial acknowledgement within three business days and aim to complete our internal analysis within seven business days.
In the event that we require additional information, we will reach out to you. Furthermore, we will keep you apprised of the status of the vulnerability.
Please be advised that the timelines mentioned are not guaranteed. However, our security team will strive to keep you informed about the progress of any reported vulnerabilities concerning our ARCTORA products.
It is important to note that addressing a vulnerability in a vehicle differs significantly from handling vulnerabilities in traditional IT systems. Vehicles are subject to stringent legal requirements and safety standards. As a result, developing a potential patch for a vehicle may involve a more extended timeframe. 

 

DATA PRIVACY

All personal data in connection with a vulnerability report will be processed in strict accordance with ARCTORA's internal data privacy procedures and in full compliance with all applicable laws and regulations.

The following data may be processed by the responsible vulnerability team (if provided):

- Identity, function, and contact details of the reporter
- Reported information, facts, and evidence
- Actions taken to address and investigate the reported vulnerability

Data retention is contingent upon the outcome of the investigation and may vary based on local legal requirements. In the event that:

- The reported vulnerability is unsubstantiated: All collected data will be promptly deleted from the system.
- The reported vulnerability is substantiated: All collected data will be deleted in due course, in accordance with applicable laws and regulations, following the conclusion of the verification process or when the data is no longer deemed relevant.