Introduction
At Titan FX, we take the security of our systems, services, data and users seriously. We recognize the valuable role that independent security researchers and members of the security community can play in helping to identify potential security issues.
This Security Issue Reporting Policy ("Policy") outlines how you can report potential security vulnerabilities in a responsible and lawful manner.
Scope
This policy applies to:
- Our primary web applications and services in current production environments;
- Public-facing infrastructure and systems currently in active use; and
- Mobile applications published and distributed by Titan FX.
Out of Scope
- Third-party services and integrations (report directly to respective vendors);
- Issues in third-party dependencies (unless they create a unique security issue in our specific implementation);
- Development, staging, testing, or deprecated systems;
- Systems clearly marked as end-of-life or legacy;
- Social engineering attacks (e.g., phishing, pretexting) or security issues arising from human factors outside of system design.
Acceptable Discovery Methods
We accept reports for security issues only when they are discovered through lawful and non-intrusive means, including:
- Routine use of our publicly accessible systems, services, or applications
- Legitimate interactions with our systems as an authorized user
- Accessing your own data and accounts
- Observing unintended behavior through intended functionality
Strictly Prohibited Methods
The following activities are strictly prohibited and are considered violations of this Policy, our Terms and Conditions, and potentially applicable laws:
- Vulnerability scanning or automated testing
- Penetration testing or simulated attacks
- Attempting to access or modify data belonging to others
- Disrupting or degrading the availability or performance of our services
- Social engineering, phishing, or manipulation of employees or users
- Brute force or credential stuffing attacks
- Network scanning, port probing, or reconnaissance activities
- Attempting to bypass authentication, authorization, or access controls
Any use of these or similar methods may result in legal action by Titan FX and will not be protected under this Policy’s safe harbor provisions.
Reporting Security Issues
If you have identified a potential security vulnerability during lawful and authorized use of our systems, services, or applications (as per acceptable discovery methods above), we encourage you to report it as soon as possible to:
Primary Contact: security@titanfx.com
Subject Line Format: [SECURITY] Brief description of issue
Encryption: PGP key available at https://titanfx.com/pgp/pub.txt
We request that you:
- Do not publicly disclose the security vulnerability before we have had an opportunity to investigate and remediate it.
- Avoid accessing, modifying, or deleting data that is not your own.
- Do not perform any actions that may harm our systems or users (e.g., denial of service, social engineering, or phishing).
What to Include in Your Report
To help us thoroughly evaluate and address the reported potential security vulnerability, please include the following information in your report:
- A detailed description of the vulnerability;
- Step-by-step instructions to reproduce the vulnerability;
- Potential impact assessment, including any risks to data, users, or system integrity;
- Relevant supporting evidence (screenshots, logs, etc.);
- Your contact information (e.g., name, email address), so that we may follow up with you if additional information is needed.
Our Commitment
When you report a security vulnerability to us in accordance with this Policy, we are committed to the following actions:
- Acknowledgment: We will acknowledge receipt of your report within five (5) business days.
- Investigation: We will conduct a timely and thorough investigation of the reported security issue to determine its validity and scope.
- Communication: We will maintain open communication and provide periodic updates on the status of the investigation and resolution process.
- Resolution: If the security issue is confirmed, we will make reasonable efforts to remediate the vulnerability in a timely manner, based on its severity and potential impact.
Legal Framework and Safe Harbor
At this time, Titan FX does not operate a bug bounty program or a formal responsible disclosure program.
Through this Policy, Titan FX solely aims to protect individuals who, in good faith, inadvertently discover security vulnerabilities during normal, authorized use of our systems or through non-targeted, passive internet scanning and who report such findings responsibly in accordance with this Policy.
These individuals may be eligible for safe harbor protections, provided the following conditions are strictly met:
- The discovery was unintentional, during normal, authorized use of Titan FX systems or through passive, broad internet scanning not specifically directed at Titan FX.
- All testing or related activity ceased immediately upon identification of the potential security vulnerability.
- The vulnerability was not exploited beyond what was strictly necessary to prove its existence.
- The security issue was reported promptly and exclusively through the channels specified in this Policy.
- The individual remains in full compliance with all aspects of this Policy.
This Policy does not constitute a waiver of any legal rights or remedies available to Titan FX in the event of unauthorized access, testing, scanning, or probing of our systems, or other prohibited activity.
If you are uncertain whether a specific action falls within the scope of acceptable behavior under this Policy, you must contact us for clarification prior to proceeding.
