Security Policy

METATRACE LTD offers a wide range of services that are used by millions of people around the world. Focusing on AR and location detection, METATRACE LTD stores valuable data that we want to protect from malicious threats. Security reports help us ensure the security of our data and players.

Thank you for your help!

Report a vulnerability

We appreciate the work of security researchers and would like to invite everyone who is willing to take the time to help METATRACE LTD to improve security to share their opinion with us. METATRACE LTD is committed to interacting with the community and is grateful for your contribution!

If you would like to report a security issue that you have discovered, be sure to read our terms and conditions and comply with them before submitting reports to us.

Domains

  • *.metatrace.me

  • *.mytrc.me

Services and corresponding servers

  • MetaTrace

  • TraceWallet

  • TraceMarket

  • MetaFora

Types of vulnerabilities

  • Disclosure of information such as application and version banners, stack traces, server errors, internal IP addresses, or path disclosure;

  • Brute force attacks using a username/password, account blocking, listing a username/email address (attacks that go beyond blind testing may be considered);

  • Any physical attacks on METATRACE LTD Facilities or Property or employees;

  • Any social engineering attacks (e.g. phishing, email spoofing or self-XSS);

  • Open redirects;

  • Problems with TLS/SSL;

  • Any exhaustion и disruptive атаки, such as (Distributed) denial of service, spam requests, slow-loris, etc.;

  • Click-jacking;

  • CSRF Issues Affecting Account Integrity;

  • Cookie security (e.g. secure flag);

  • Outdated or known vulnerable software (problems of high severity can still be considered depending on the possible impact);

  • Fraud incidents or problems related to in-game exploits.

We will make every reasonable effort to investigate and resolve the reported problem within 90 days. However, in some cases METATRACE LTD may need more time, but we will contact you. Do not share information about the report until METATRACE LTD informs you that the problem has been solved, so that attackers cannot use your information and do not harm the ecosystem of Services and other users of these Services.

Do not change any data that you have accessed as a result of your investigation, so as not to harm the ecosystem of Services and other users of these Services.

Avoid privacy violations and disruptions, including (but not limited to) affecting the quality of service through (D)DoS, data deletion, or access to personal accounts (for example, through phishing). You remain personally responsible for any privacy violations, failures, or any violations of applicable laws or regulations that you commit, even if you participate in the search for security vulnerabilities. Don't try to exploit the vulnerability (for example, don't try to access a machine or perform a pivot/scan of an already compromised one to demonstrate additional risk).

Don't try to exploit the vulnerability (for example, don't try to access a machine or perform a pivot/scan of an already compromised one to demonstrate additional risk).

Do not violate any other applicable laws or regulations.

You acknowledge that any report or information you provide to METATRACE LTD constitutes a "Review" as defined in our user agreement of the Terms of Service, and you agree to the said user agreement of the Terms of Service.

You acknowledge that providing us with a report or any feedback does not entitle you to any remuneration, compensation or remuneration of any kind.

You can report a problem by contacting us [email protected].

Last updated