Security Vulnerability Disclosure Policy

---

1. Introduction
2. Security Researchers
3. Our Commitments to Researchers
4. What We Ask of Researchers
5. Scope
6. Reporting Potential Security Vulnerabilities

---

1. Introduction

At Social Nature we care about people, the planet, and helping you achieve your health and sustainable living goals. That mission requires trust. Central to maintaining this trust is the protection of the information that we've been entrusted with by our customers, our partners, and our investors. As a result, we have created this policy to outline the considerations and commitments for the disclosure of potential security vulnerabilities to Social Nature in a responsible manner.

2. Security Researchers

Social Nature recognizes the positive contributions of security researchers and encourages the responsible and direct disclosure of potential security vulnerabilities to us.

3. Our Commitments to Researchers

1. We will endeavor to maintain confidentiality in our communications with you.

2. We will work with you to validate and respond to your disclosure.

3. We will investigate and use all reasonable efforts to remediate validated issues in a manner consistent with our legal obligations and responsibilities.

4. Social Nature does not intend to pursue legal action against any party that conducts security research and discloses information to us in good faith and as outlined in this Policy.

5. Social Nature reserves all legal rights in the event of noncompliance with this Policy.

4. What We Ask of Researchers

1. We request that you communicate information about potential security vulnerabilities in a responsible manner. This means complying with all applicable laws and the respecting the privacy of individuals. Your security research should also avoid degradation of our user's experiences and disruption to our systems. At no time should you attempt to acquire Social Nature data.

2. We request that researchers provide sufficient technical detail and background necessary for our team to identify and validate reported issues, using the email address below.

3. We request that researchers act for the common good, protecting user privacy and security by refraining from publicly disclosing vulnerabilities.

5. Scope

Social Nature defines a security vulnerability as an unintended weakness or exposure that could be used to compromise the integrity, availability, or confidentiality of our digital assets.

The following activities are explicitly out of scope of this policy.

1. Compromising the integrity, availability, or confidentiality of non-public information in the possession of Social Nature.

2. Failing to immediately delete/destroy sensitive information or personal data you may inadvertently access.

3. Publicly disclosing any potential vulnerability without the express written consent of Social Nature.

4. Intentionally or negligently causing a denial-of-service condition for any user beyond the researcher.

5. Exploitation of any vulnerability which sends bulk unsolicited or unauthorized messages (spam).

6. Conducting research through social engineering or other deceptive means.

We require researchers to contact us before engaging in research that may be inconsistent with or unaddressed by this policy. If in doubt, ask us before engaging in any specific action you think may go outside the bounds of this policy.

6. Reporting Potential Security Vulnerabilities

If you believe you have discovered a potential security vulnerability in any digital asset owned, operated, or maintained by Social Nature or a circumstance that could reasonably impact the security of our Company or our users, we encourage you disclose this to us. You may report potential security vulnerabilities at security@socialnature.com, please provide all known information related to the suspected security vulnerability you are reporting. Upon submission, we will acknowledge receipt of each vulnerability report, conduct a thorough investigation, and then take appropriate action for resolution, if any.