Seller: Superspeed.ai Pty Ltd
IP Owner & Licensor: Strategic Global Holdings Pty Ltd (ACN 693 256 503)
Effective Date: 1 January 2025
Version: 4.95 Ultra-Final
Document Owner: CTO, Superspeed.ai Pty Ltd
Review Cycle: Annual or upon significant security or infrastructure change
1. Definitions
This Policy defines the following terms: Vulnerability, Security Researcher, Good Faith, Proof of Concept, Coordinated Disclosure, Security Event, Exploit, and Testing Boundary.
2. Purpose & Scope
This Policy establishes a safe, structured, and lawful method for reporting security vulnerabilities affecting the website, e-commerce platform, digital download environment, user accounts, DRM systems, and associated infrastructure.
3. Our Commitment
Superspeed.ai Pty Ltd values the contributions of security researchers acting in good faith. We commit to:
- Timely review of reports
- Fair assessment
- Good-faith communication
- Non-retaliatory handling of valid submissions
4. Reporting Instructions
Reports should be submitted to: security@superspeed.ai
Reports should include:
- Description of the vulnerability
- Steps to reproduce
- Affected URLs or components
- Screenshots or Proof of Concept where safe
- Researcher contact information
5. Researcher Expectations
Security researchers must:
- Avoid actions that cause service disruption
- Not access customer data
- Not modify, copy, or delete data
- Not perform unconstrained automated scanning
- Not attempt social engineering against staff or customers
- Respect privacy and data minimisation
6. Out-of-Scope Testing
The following activities are out of scope:
- DDoS or stress testing
- Physical security testing
- Attacks on third-party providers
- Spam and social engineering techniques
- Vulnerabilities in outdated browsers or unsupported software
7. Safe Harbour
If a researcher complies with this Policy and acts in good faith, Superspeed.ai Pty Ltd will not pursue legal action for their security research. Safe harbour does not apply to malicious intent, data exfiltration, or violations of applicable law.
8. Our Response Process
Upon receiving a valid report, we will:
- Acknowledge receipt within 5 business days
- Conduct triage and impact assessment
- Engage with the researcher for clarification if required
- Implement remediation where appropriate
- Provide a summary of actions taken (where feasible)
9. Coordinated Disclosure
Researchers must not publicly disclose vulnerabilities until we confirm remediation or provide written agreement. Coordinated disclosure ensures safe resolution for customers and the platform.
10. Cross-Document Integration
This Policy aligns with the Security Overview, Business Continuity & Resilience Statement, Privacy Policy, Digital Downloads Terms, AI Governance Statements, and Website Terms of Use.