XGIMI Vulnerability Disclosure Policy

Discover Our Latest Innovations at IFA 2024 Learn More

Price Match Guarantee | Get the Best Price Now! Learn More

🚚 ALWAYS FREE SHIPPING

Buy Now, Pay Later with Klarna. Interest-Free! Learn More

  

XGIMI collects information on security vulnerabilities in products and services (the "Products"), investigates their impact, and discloses information as necessary to ensure that customers can use Products with confidence.

1. Application

This policy applies to all vulnerabilities reported to XGIMI. Customers are requested to carefully read and comply with this policy before reporting vulnerabilities.

2. How to report vulnerabilities

If you discover a new vulnerability (undisclosed vulnerability) for your product, please email service-uk@xgimi.com.

3. The process after a vulnerability report

After sending the email report, the reporter will receive a confirmation receipt from us within 7 days, starting from the day after the report is sent. If we have more questions, we may contact the reporter for further information.

When we receive a vulnerability report, we take a series of steps to address the issue internally, referring to ETSI/EN 303 645:

Step 1: XGIMI requests detailed, confidential information regarding the vulnerability from the reporter.
Step 2:  XGIMI investigates and validates the vulnerability.
Step 3: XGIMI rectifies the vulnerability and ensures the fix is applied across all XGIMI product lines.
Step 4: XGIMI issues an OTA (over-the-air) update to the affected XGIMI product.
Step 5: XGIMI monitors the stability of the product after the update.

The received vulnerabilities are checked by the XGIMI technical team. Depending on the complexity of the reported vulnerabilities, XGIMI will fix them as soon as possible, not exceeding 180 days (6 months).

If it is deemed necessary to inform customers other than the reporter, the security advisory will be posted on the XGIMI website as soon as the information can be disclosed so that users can implement appropriate measures.

4. Prohibitions against the reporter

With regard to the disclosure of vulnerabilities, the reporter must not disclose vulnerability-related information to third parties without a valid reason.

However, if you need to disclose vulnerability-related information for legitimate reasons, please consult XGIMI in advance.

When vulnerabilities are discovered and verified,  please avoid the following when searching for and verifying vulnerabilities:

a. Violating applicable laws and regulations

b. Accessing unnecessary, excessive, or voluminous data

c. Altering data on XGIMI systems or services

d. Using high-intensity invasive or destructive scanning tools to discover vulnerabilities

e. Attempting or reporting any form of denial of service, such as overwhelming our services with a high volume of requests

f. Interfering with our services or systems

XGIMI deeply appreciates everyone who contributes to enhancing our products and services, thereby bolstering user protection.