KMA Global General Trading we care deeply about maintaining the trust and confidence that our customers place in us. We understand that protection of customer data is a significant responsibility and requires our highest priority. We therefore take the security of our digital platforms extremely seriously, and we genuinely value the assistance of security researchers and others in the security community to assist in keeping them secure.

If you are a security researcher and have discovered a security vulnerability in one of our digital platforms (e.g. websites or mobile applications), we appreciate your cooperation in disclosing it to us in a responsible manner. We will validate and fix confirmed vulnerabilities in accordance with our commitment to security and privacy.

REPORTING

Security researchers should exclusively use the form at the end of this page to share the details of any suspected vulnerability, and not any other channel of communication, and include detailed information with steps for us to reproduce the vulnerability.

COMPLIANCE

For a proper cooperative experience, below are the activities which are prohibited under this policy and considered incompliant:

    Publicly disclosing the details of any identified or alleged vulnerability without express written consent from KMA Global General Trading
    Modifying data residing in an account that does not belong to you
    Accessing or downloading data beyond the minimum required to demonstrate a vulnerability. This should not exceed 1-2 records if at all necessary.
    Attempting to execute actions that disrupt the availability of our digital assets (e.g. any volumetric or denial of service attacks)
    Posting, transmitting, uploading, linking to, sending, or storing any malicious software
    Testing in a manner that would result in the sending of unsolicited or unauthorized junk mail, SMS, spam, or other forms of duplicative or unsolicited messages
    Testing in a manner that would degrade the performance or operation of any KMA Global General Trading digital assets
    Testing third-party applications, websites, or services that integrate with or link to KMA Global General Trading digital assets
    Making any changes in the system configurations, files, or data
    Introducing a backdoor in any digital asset
    Conducting non-technical attacks such as social engineering or phishing