1. Purpose and Scope
Please read this page carefully and completely. It sets forth Fluid Attacks' expectations regarding how our employees, partners, allies, and customers interact in our mutual business environment. Fluid Attacks is committed to maintaining a high degree of professionalism, integrity, reliability, and ethics with the expectation that those involved act in accordance with the law and company policies. Understanding our expectations and compliance with them is expected at all levels of our interaction. Failure to meet the principles set forth here could result in penalties and/or criminal sanctions and the termination of all business relations with Fluid Attacks.
Fluid Attacks is a Colombian company. We firmly believe in, and conduct business in accordance with our principles. Our principles, therefore, are not negotiable.
Fluid Attacks principles are:
HONESTY: At Fluid Attacks honesty is paramount in all our business interactions. Truthfulness, trustworthiness, reliability, and integrity is what we bring to our business relationships and what we expect in return.
The TEAM: Fluid Attacks' results are achieved through the collaborative effort of all our staff. We are a team. Therefore, we maintain, and expect, dignified and respectful treatment for all members of the Fluid Attacks team.
DISCIPLINE: Fluid Attacks will fulfill all our commitments, with dedication, perseverance and 100% focus on excellence for all our customers.
Following are some examples of how our values and principles operate in our business interactions with customers:
All detected vulnerabilities are reported: No detected vulnerabilities are stored for future personal or organizational use.
Attacks are only carried out with authorization from the client, and in personal test environments or environments created to be hacked (CTFs, challenge sites, etc.): Attacks are not carried out as a test, outside of work hours, or outside of the organization to third parties (partners, other companies, friends, etc.).
The vulnerabilities found by the hacker are not revealed: Detected vulnerabilities are only revealed to the client and authorized people working directly on the project. Hackers do not reveal any information regarding vulnerabilities, nor their existence, to any unauthorized person inside Fluid Attacks or outside Fluid Attacks.
Any infection installed for an attack is uninstalled: After finishing a client’s project all the software installed to infect the system is completely removed or if this is not possible, the client is notified, regarding the details of this situation, in writing.
All detected security issues are reported: If we know a security issue exists, it is reported in writing to the client.
Assume Responsibility: If Fluid Attacks discovers any errors, or missteps, on our part, during work on your project, we will inform you, and take full responsibility for any impacts and repercussions, and do whatever is required to fix them.
In our company the process is every bit as important as the result. This is why we adhere to the principles laid out under heading 2: Principles and expect in-kind treatment for everyone involved in your project.
Our business complies with all employer/employee regulations and laws, such as fair labor practices, overtime compensation, equal employment opportunity, etc. as set forth by Colombian law.
5. Safekeeping of Information
We permanently monitor and manage the risks associated with our client’s information.
6. Problems and Complaints
All matters related to the breach of our values can be reported through email@example.com