Vulnerability Disclosure Policy

Effective date: July 10th, 2023

At Painless Health, the security and privacy of patient data and our health information systems are our highest priorities. We understand that our users play a crucial role in helping us maintain this security. If you come across something unusual or suspect a potential vulnerability while using our systems, we sincerely appreciate your efforts to report it to us.

We adhere to all applicable privacy laws and regulations, including the Australian Privacy Act 1988 and Australian Security Legislation, ensuring that any information you provide us in your report will be kept strictly confidential and only used for improving our system's security.

Your Privacy

When you submit a vulnerability report, we are committed to protecting your privacy. We will not share your name or contact information without your explicit permission. We will only use the details you provide us to investigate and rectify the potential issue, and we will not use the information for any other purpose.

No Legal Action

In recognition of the vital role you play in helping us maintain our system security, Painless Health commits that we will not pursue legal action against you for discovering and reporting vulnerabilities in accordance with this policy. We consider your actions valuable contributions to our security, and we appreciate your good faith efforts to keep Painless Health secure.

How to Report a Vulnerability

If you notice a potential security issue:

1. Stop what you're doing immediately.

2. Take note of what you were doing.

3. Refrain from sharing the details of the potential vulnerability with others.

Please email us at security@painless.health and include the following:

1. A clear description of what you were doing when you noticed the potential issue.

2. The date and time when you discovered the issue.

3. Any screenshots or other information you think might help us understand and fix the problem.

4. Your contact information, so we can get in touch with you for additional information, if necessary.

Our Promise

When we receive your report, we promise to:

1. Acknowledge receipt of your report within three business days.

2. Conduct a thorough investigation of your report and aim to provide updates every seven business days.

3. Rectify the problem as swiftly as possible.

We are truly grateful for your assistance in maintaining Painless Health's security. If you have any queries regarding this policy or want to follow up on a report, please contact us at security@painless.health.

Policy Changes

Painless Health reserves the right to modify this policy at any time. The most recent version of this policy will always be available on our website. We encourage you to check for updates periodically.