Datamation

Security Vulnerability Disclosure Policy

Datamation Group takes the security of our systems, applications, and data seriously. We welcome responsible disclosure of security vulnerabilities that may affect our public-facing websites, web applications, and related online services.

If you believe you have identified a security vulnerability, please report it to us responsibly so that we can investigate and address it appropriately.

How to Report a Vulnerability

Please send your report to:

 

Email: dm_it@datamationgroup.com

 

To help us investigate efficiently, please include these details where possible:

 

  • A clear description of the issue and affected URL, page, system, or feature
  • Steps to reproduce the vulnerability
  • The potential impact
  • Proof-of-concept details, screenshots, or logs where relevant
  • Your name and contact details for follow-up

Scope

This policy applies to security vulnerabilities identified in Datamation Group-owned public-facing digital properties, including:

 

  • https://www.datamationgroup.com

  • Other Datamation Group web properties, applications, or services that are explicitly owned and operated by Datamation Group


This policy does not automatically extend to third-party platforms, services, hosting providers, plugins, integrations, or partner-managed systems unless Datamation Group has explicit authority over them.

Guidelines for Responsible Testing

When conducting security research under this policy, we ask that you:

  •           Act in good faith and avoid actions that may harm Datamation Group, our customers, our partners, or the public
  •          Test only to the extent necessary to confirm the existence of a vulnerability
  •           Do not access, modify, delete, download, or retain data beyond what is strictly necessary to demonstrate the issue
  •            Immediately stop testing and notify us if you encounter personal data, confidential information, or data belonging to another party
  •           Keep information about the vulnerability confidential until we have had a reasonable opportunity to investigate and remediate it

 

Out of Scope / Prohibited Activities

The following activities are not authorized under this policy:

  •           Denial-of-service attacks, stress testing, or actions intended to degrade service availability
  •           Social engineering, phishing, pretexting, or impersonation of Datamation Group staff, customers, or partners
  •           Physical attacks against offices, facilities, or equipment
  •           Malware deployment, ransomware simulation, destructive payloads, or data destruction
  •           Mass automated scanning or other activity that may negatively affect system stability or performance
  •           Accessing accounts, data, or systems that do not belong to you
  •           Exfiltration, downloading, sharing, or retaining confidential, personal, or customer information
  •           Testing systems or assets owned by third parties without their authorization

 

Safe Harbor

If you act in good faith, follow this policy, avoid privacy violations and service disruption, and promptly report the issue to us, Datamation Group will regard your research as authorized under this policy.

We will not pursue legal action against researchers for accidental, good-faith actions that are consistent with this policy and intended solely to identify and report security vulnerabilities.

This safe harbor applies only to conduct that complies with this policy and does not extend to actions that are unlawful, destructive, fraudulent, abusive, privacy-invasive, or outside the stated scope.

Our Commitment

When you submit a vulnerability report in good faith, Datamation Group will make reasonable efforts to:

  •         Acknowledge receipt of your report
  •         Review and validate the submission
  •         Investigate the issue and determine appropriate remediation
  •         Communicate with you where additional information is needed

Remediation timelines will vary depending on severity, complexity, operational considerations, and affected systems.

Public Disclosure

Please do not publicly disclose the vulnerability until Datamation Group has had a reasonable opportunity to investigate and remediate the issue.

If coordinated disclosure is appropriate, we may work with you on timing and wording.

Rewards

Datamation Group does not currently operate a bug bounty or paid vulnerability reward program. Reports submitted under this policy are appreciated and will be reviewed, but no monetary compensation is promised.

Privacy and Sensitive Information

If your testing results in access to personal data, confidential information, or sensitive business information, you must stop testing immediately and notify us. Do not save, copy, transfer, disclose, or use such information except as strictly necessary to report the issue.

security.txt

Our vulnerability disclosure contact may also be published via /.well-known/security.txt. Where applicable, that file should be read together with this policy.

Last Updated

15 April 2026

Kindly note that you will have options to unsubscribe if you do not wish to receive any email from us. Should you have any queries or concerns in relation to this Security Policy, kindly contact us.