Security – KREDIMO

Vulnerability Disclosure Policy – Kredimo

At Kredimo, the protection of personal data, systems, and digital services is a fundamental priority. We place technology and innovation at the service of people and consider the security of our customers, partners, and stakeholders to be a core component of our responsibility.

We take extensive measures to ensure a high level of security across our digital infrastructure from the earliest stages of design and development. However, despite our best efforts, security vulnerabilities may still arise.

This Vulnerability Disclosure Policy explains how to responsibly report potential security vulnerabilities affecting Kredimo’s systems and services, and how such reports are handled.

Scope and security management

Kredimo manages and operates its own information systems and security processes, either directly or through trusted technical service providers acting under strict confidentiality and security obligations.

This policy applies to all digital assets operated by or on behalf of Kredimo, including websites, online platforms, applications, and related infrastructure.

How to report a potential security vulnerability

If you believe you have identified a security vulnerability affecting Kredimo’s systems or services, please notify us responsibly by submitting a detailed report.

To help us assess and address the issue efficiently, please include as much relevant information as possible, such as:

A description of the vulnerability
The affected system or service
Steps to reproduce the issue (if applicable)
Potential impact
Any supporting technical evidence

Contact for vulnerability reports

Email: serviço@kredimo.net
(Please clearly indicate “Security Vulnerability Disclosure” in the subject line.)

For security reasons, further communications may be conducted using secure or encrypted channels, where appropriate.

Processing of vulnerability reports

Once a vulnerability report is received, Kredimo’s security teams will:

Review and assess the reported information
Validate the existence and severity of the vulnerability
Determine appropriate corrective or mitigation measures

Kredimo will contact the reporter only if additional information is required to analyze or resolve the issue.

Important conditions

This vulnerability disclosure program does not provide any financial reward or compensation, even if a reported vulnerability is confirmed.
For security reasons, no public disclosure will be made regarding reported vulnerabilities or their remediation, unless required by law.
Kredimo remains the sole authority in determining the classification, severity, and remediation timeline of any vulnerability.

Responsible disclosure requirements

By submitting a vulnerability report to Kredimo, you agree to:

Comply with all applicable laws and regulations
Avoid any form of denial-of-service (DoS), resource exhaustion, or disruptive testing
Refrain from accessing, modifying, deleting, or exfiltrating any data
Avoid any action that could harm Kredimo, its customers, employees, partners, or third parties
Not engage in social engineering, phishing, or spam activities
Respect the physical and logical security of Kredimo’s systems and those of its service providers
Maintain strict confidentiality and not disclose any information regarding the reported vulnerability, the report itself, or its existence, unless explicitly authorized by Kredimo

This confidentiality obligation applies regardless of whether Kredimo was previously aware of the reported information.

Changes to this policy

All aspects of this Vulnerability Disclosure Policy may be updated or modified at any time, without prior notice, to reflect changes in legal, technical, or operational requirements.

Intellectual property

Submitting a vulnerability report does not grant any intellectual property rights over systems, software, data, or assets owned by Kredimo or by third parties acting on its behalf.