BORROWED, INC. SECURITY DISCLOSURE

Last Updated: March, 2022

BORROWED, INC., a State of Delaware corporation, with a principal place of business located at 113 Cherry St PMB 21149 Seattle, WA 98104-2205, and its affiliates (hereinafter referred to as, “Company”, “we”, “our” or “us”) wants you to be familiar with the steps that we have taken to protect your information and make your online transmissions safer.

We hope that once you understand the measures we employ and the steps you can take to protect yourself, you will be confident about the security of your transactions and personal information shared with us.

  • Positive Identification. We rely on the security representations and certifications made by our Third Party service providers. Our website and applications (collectively hereinafter referred to as, “Services”) are registered with site identification authorities to enable your browser to confirm our identity before any transmission is sent. With this technology, the identity of our Services is automatically confirmed behind the scenes prior to the transmission of any personal information requested. Your data reaches your intended target, or your browser notifies you, prior to sending any personal information, that the potential receiving site looks suspicious and should be avoided.

  • Data Encryption. If you are using a security-enabled browser, the personal information you send us is encrypted, making it extremely difficult to read even if it is wrongly intercepted. We utilize industry-standard Secure Sockets Layer (SSL) technology to allow for the encryption of – (a) potentially sensitive information, such as your name and address; and (b) critically sensitive information, such as your credit card information.

  • Help Protect Yourself. If you use a security-enabled browser, paying attention to two browser features will decrease the chances for the unintended or fraudulent use of your personal information.

    • Browser Security Settings. The security preference settings on your Web browser are your first means of stopping the theft or unwanted viewing of confidential, personal information. The most popular browsers offer you the ability to receive an alert or notification if any of the following occurs, or is about to occur – (a) changing between secure and nonsecure transmission modes; (b) receiving an invalid site identification for the site to which you are about to transmit; and (c) sending a transmission over an “open” or unsecured connection. Check the setting of your browser security features to see all the checks that are possible and those that are currently in place.

    • Browser Security Signals. There are two ways you can recognize the presence of security measures surrounding your data entry on a Web page. The URL identifying the page will always begin with “https://” versus the normal “http://.” With these security measures in place you can also feel confident that you are taking the best possible steps to make a transaction through our Services safe and secure.

  • Reporting a Vulnerability Specific to Our Services. Our dedicated team of security professionals work vigilantly to protect your personal information. However, there may be instances when a threat, or vulnerability, from our Services might be overlooked by our team. If you discover a threat, or vulnerability, specific to one of our Service offerings, then please notify us in writing at legal@getborrowed.com. We ask that you include the following information when reporting a threat or vulnerability: (a) name; (b) email address; (c) specific Service where threat or vulnerability was found; and (d) description of the threat or vulnerability.

  • Vulnerability Disclosure Program. Before releasing information about any identified threat or vulnerability publicly, we would ask your cooperation and allow us sufficient time to remediate the risk. To that end we request you follow the guidelines below:

    • Do -

      • Share the security issue with us before making it public on social media, message boards, mailing lists, conference talks, and other forums.

      • Provide full details of the security issue including steps to reproduce and the details of the system where the tests were conducted.

      • Wait until notified that the vulnerability has been resolved before disclosing it to others. We take the security of our users very seriously, however some vulnerabilities may take longer than others to resolve. There are several teams involved in working on these vulnerabilities depending on the vulnerability and the function being exploited.

      • If you are planning to present about the vulnerability at a conference, let us know the date as soon as possible.

    • Don't -

      • Cause potential, or actual damage, to our users, systems or applications.

      • Use an exploit to view unauthorized data or corrupt data.

      • Request compensation for the reporting of security issues either directly from us, or through any external marketplace for vulnerabilities, whether black-market or otherwise.

      • Engage in disruptive testing, like DDoS, or any action that could impact the confidentiality, integrity or availability of information and systems.

      • Engage in social engineering or phishing of customers or employees

      • Request for compensation for time and materials or vulnerabilities discovered.