Responsible Disclosure Policy

98point6 cares deeply about maintaining the confidence our customers place in us. Therefore, the security of the health information entrusted to us is of paramount importance. To that end, we support the responsible disclosure of security vulnerabilities, as our top priority is protecting the privacy of customer and patient data.

We ask if external parties find any sensitive information, potential vulnerabilities and/or weaknesses that they please help by disclosing it to us in a responsible manner.  If you want to encrypt your disclosure email, please email us at security@98point6.com by using our PGP key below.

We request that parties do not engage in any of the following:

  • Attempts to modify/destroy/corrupt other users data.
  • Attempts to (D)DoS 98point6 products, services or applications.
  • Any violations of applicable law.
  • Accessing other user’s account details or any other user’s private information.

We may ask parties to destroy any information they hold that does not belong to them, after we have confirmed the vulnerability. This includes Protected Health Information (PHI) or Personally Identifiable Information (PII), and any other information we deem a threat to the security or privacy of our customers.

Customer Security

Since we deal with PHI and PII we require that any such information is transmitted and/or stored securely. We request that details of any PHI/PII or the disclosed vulnerability not be disclosed to any third parties or to the public to the extent legally possible.

Commitment

Reports submitted to 98point6 in good faith and pursuant to this process will result in 98point6's commitment to the following:

  • We will acknowledge receipt of your vulnerability report and send you regular updates about our progress.
  • If your report is reproducible as an exploit and results in a change to the code base or documentation of a 98point6 product, we will – at your option – publicly acknowledge your responsible disclosure.
  • Any information shared with us will be kept confidential within 98point6 where permitted by law.

PGP Key

-----BEGIN PGP PUBLIC KEY BLOCK-----

xsFNBFix20gBEADenQ/IpWywB7i8LEaZxoSS9laNkjDvEtQJ8GiXYgYinPeR
fXT7d7h1UBrUnbs6JOF9X+aO2px4kM4w3Ohg3Qi5DJUYDIiNTO/l17RYohY+
kUlumQ5lkH24q8JCxEHpkPQ/os9ANol0wNBJcGweqx6A0JVpqd+L+DQINl69
7h2Vb7r+PemR7S6sHkwu2byrBABMvzpAmS+763DsC6Az2ZZdlHoDcUsY3R/E
AE17ZQdNOmOL4qKRXKIWZGgpHzJwfSQqRZh6agCiYzoahvHdt68Crrttz5UR
GrNJKoHkdOaikEORsyptyQJucXQ19EZ/Br+Np5BCXWDhXw/kBumcYwQpiNTE
3hUHH7wyzEyHYPZscOD7ViDe4xpQAX385fgQ3bqBOOK6vRkCJCWfqAGHWgHi
szE6U++Rql6EDQRRiWPhqMRgy7p3MSXPPTEoDq07/dRhPplFboONVsNBUXq8
gAFF3ChzSsgYjB658o17mIC2Wu95rEUonjO9RVtcb1LP6a2jYPpCxvIxMHab
Z222R2bdGskWG15NWMQhSazXbW0bi38nLQO6U089hRyfLezyaPf5YFDRmF1T
6XoFwsecYxEWeILyBquUksN0IEm1kmIcAWXug5/gpXzf/3CALS92v+fP9yb8
kRhu5CmqHUy2UFSaTsaRqx0Pe6Y427nPlQiuEQARAQABzSlTZWN1cml0eSA5
OHBvaW50NiA8c2VjdXJpdHlAOThwb2ludDYuY29tPsLBewQQAQgALwUCWLHb
SgUJA8etAAYLCQgHAwIJEOu+fKH9XpAdBBUIAgoDFgIBAhkBAhsDAh4BAACW
shAAuCJeA073qbWmSTnNh5duQ2PBrGQQQKw1uc7XsoQGwHWlu8Tn9KjXmuFE
maiHFLNccDdThoOtejTFpN8qurUIzp1jxT5KB9jPtsw4EvTywWy8Wqw/P9cx
HjOIoVdWnE0oyO6VrAq+aCzLCDiqP6V7lokiEChl+lJZXRpf8dXXYqrN0NQq
NThR8QLaMdTOqeF/O3iC4FSPu6ao+F8kduMuC2YvHPzdRCjxleXxY6cvJd2H
bGS4XFJlESmo5j7f0A6JA5CewEIcTItKjBVqC3afH+gV8X1kz0uYLM2zf8rR
aRUJVruVYEK1j1DZadeUsZkwFCI7lUr8Mww5vpAjWPs1dwPuJbSqIThiW1G2
vdcNbk7/78+uBjQ4InMXGGX4Ak6BL5PYN5hyU/v6dAFvTOONOA/Y/DXijv5r
qPniT6f5/E241WGRZBBjytDaVVd3AvoN9LHcw38UZttbSuf1bx35qiim2zpj
Y+al6nmjU1CHxGqcWs9fJcN8jYPbNcWsAj04FljYfN1tgD2i7YiQeIGuAVuv
8cYVsChgVCKKMnP/EHdDgevr2NCtRTom4zxPS3dmkaMLiwgbw3SQzycLh1Nt
W4QYW9yLyG2UeJRLRvMrWmqDxdL0l+LGJArKfYLEf2UeRSoOCJ80dZEoSonx
eAADijMzr2kuLvzj5hhOxe1n+VTOwU0EWLHbSAEQANxtZTN37pr8zfYwPF0n
wsQQPkyQ0f/3eZxjxJZXeQzn6Wp382ShnGxMG20ZSogegu6LrmxBJ25WnxXv
l3AETruFA39M3N9tJ53yooUuoLbwEEwWfEvpoVGmBc4Gld64sshEnLa6y/7/
M4h6Dpxp6rQW0swu0x+v2rBE23NY+JqIpR/CmiA9+iA0bxHUa9NULChCmuV9
vi28v/SxGaPUyVv/x/bk2hA8m4pi1wgFxk4UbJC2KQwuffk11DjBIO4JkXIl
AAjJ55TQ9subXZTvLEGbueyhZm0z2FY7HaEjBpZueZ1vPTozVHfIfFpJxDGL
8PTw1JQD7sVE1albhKjgQSrIwz6nVcSet6Yd4qN0DtTeHI+QQtNYcC5mUQme
OxDvqY0f5bNGp8sccLZ3w7iK7S/uRCIM32NRUxC8VutoCKXU41TQGHipmCbT
YWoG3wKdUotz2qvw1cXHRxL6KeyKvxpkbUX2JXymVNkjooRWR/T4qPm7eGEx
fK2CpRnhmN8G9OgZiIifzy2hKQXo9arSu3X3yo2wnRyBXKlq2AEAWehML7C3
qeqpFpP9V8gwqkU2Jg2yltGO1yv5GJ6fj6dTXr3TXt4cvQbN6GBsuI69kJzX
zIONT5YbsBzdwRjk3yKuIsg2SIUvvZNy0wIGzBdLbf3H7QHpbebc6MMFdaRZ
7nFLABEBAAHCwWUEGAEIABkFAlix20wFCQPHrQAJEOu+fKH9XpAdAhsMAADm
oBAAujjfxdm7GVQJdA5/o4/r6tBBM4S+dT+FMiEYvUSiWRkPJbKFvMzu+9jd
8aZxJrXQyHpPWqipUN5MdNnKc+n5RHfJH+xW1MFmaPcOub0nD6rGi2dvuKtp
dE9LTMvqN/MMka/Eb+MOJv83K+gvQVe5HuWulpGl8sQ2M3xOEGZbLKdWI5Ab
/TWWnJNRJWmMBcWQ9G1o6Wi2h8sdxvRjiai2pPP5QvM1NkYFGXcyd8Rzgggl
swYSjgiGaGH2KqWoTjSiMuh2RwgfRAyFHu+ZN0EiTeYd3sXMPxzNVvkpFby8
ZBXBpYggjpi8fYvrWSpb4W9hsj790FyfEXA3JYwo+moAr9hVv9pFxMf+pML3
E7PsJw/S3Dpr53W+Sf4Y23ziFyTb0sq2RzmjVPQtoAx8ovP4i0nIRVdIq//N
HhedJpzSgDZLhqFme3oW7OiTdjk0dRHjI9P9ixwX3FkFv7mLvyI/Po0cECXo
7hRbRc7BVhBtIKTSRDzoj1YEw09TvQvxlFEZtpNb8QffpkbiFTLCQVvvE7nm
i622QxbO9lZ8G5+mBi/L8YY/Dr5mDoEXJPNbLoBK2PHQ+pQAvO/0r84Fu9cX
5n8gOlJRPHXS+XthDV8sTAdly53GNtfahLmYn7HbI3M0p6MtUYS8ySLIdBzl
O7aQvo71/vrqr3Y+ooOOLmUuDHg=
=BLMN
-----END PGP PUBLIC KEY BLOCK-----