Clove Consulting Group is committed to maintaining the security, integrity, and confidentiality of our digital infrastructure, client information, and operational systems. We recognize the important role that security researchers, ethical hackers, and responsible individuals play in identifying potential vulnerabilities. This Responsible Disclosure Policy outlines the guidelines for reporting security vulnerabilities in a manner that protects our users, clients, and systems from misuse or exploitation. If you believe you have discovered a security vulnerability affecting our website, digital platforms, communication systems, or any related infrastructure operated by Clove Consulting Group, we encourage you to report it promptly and responsibly. A vulnerability may include, but is not limited to, issues such as unauthorized data access, authentication bypass, exposure of confidential information, server misconfigurations, cross-site scripting (XSS), SQL injection, remote code execution, or any weakness that could compromise data integrity or system security. We request that any security research conducted against our systems be performed in good faith and in a manner that avoids disruption to services, data destruction, privacy violations, or unauthorized access to client information. Under no circumstances should testing involve social engineering, denial-of-service attacks, physical security breaches, spam, or exploitation of vulnerabilities beyond what is necessary to demonstrate their existence. Researchers must not access, modify, copy, or disclose any confidential data belonging to clients, users, or employees. If sensitive information is inadvertently accessed, it must not be retained, shared, or used for any purpose and must be immediately reported.

To submit a vulnerability report, please email us at:
help.goclove@gmail.com

Your report should include a clear description of the issue, steps to reproduce it, affected URLs or systems, proof-of-concept details (if applicable), and any relevant technical information that will assist our investigation. We appreciate detailed and responsible reporting that allows us to validate and remediate issues efficiently. Upon receiving a report, Clove Consulting Group will acknowledge receipt within a reasonable timeframe, review the submission, assess its impact, and take appropriate corrective action. We request that reporters allow us a reasonable period to investigate and resolve the issue before any public disclosure. Public disclosure of vulnerabilities without prior authorization may result in legal action. This policy does not grant authorization to test systems outside the scope of assets owned or operated by Clove Consulting Group, nor does it create any partnership, employment, or compensation agreement unless explicitly stated otherwise. While we value responsible contributions to our security posture, we do not currently operate a formal bug bounty program unless separately announced. Clove Consulting Group will not pursue legal action against individuals who discover and report vulnerabilities in good faith and in accordance with this policy. However, activities that involve malicious intent, exploitation for personal gain, extortion, data misuse, or violation of applicable laws will not be tolerated and may result in legal consequences.

Our commitment to security is continuous. We appreciate the responsible efforts of researchers and individuals who help us maintain a safe and trustworthy environment for our clients and stakeholders.

For any security-related concerns, please contact:
Clove Consulting Group
Email: help.goclove@gmail.com