Product Security Policy
Protecting our customers from threats to their security is always an important task for Baseus. As a consumer IoT product maker, we will do our utmost to provide our users with secure stable products and services, and to strictly protect the security of their data.
We welcome and encourage all reports related to product security. We will follow established processes to address them and provide timely feedback.
Report Vulnerabilities to Baseus
We strongly encourage organizations and individuals to contact Baseus security team to report any potential security issue.
To report a security vulnerability, please send email to care@baseus.com.
The email should include at least the following information:
- Your organization and contact information
- Products and versions affected
- Description of the potential vulnerability
- Information about known exploits
- Disclosure plans
- Additional information, if any
Baseus will need to obtain detailed information about the reported vulnerability to more accurately and quickly begin the verification process.
Vulnerability Reporting Guidelines
- All parties to a vulnerability disclosure should comply with the laws of their country or region.
- Vulnerability reports should be based on the latest released firmware, and preferably written in English.
- Report vulnerabilities through the dedicated communication channel. Baseus may receive reports from other channels but does not guarantee that the report will be acknowledged.
- Adhere to data protection principles at all times and do not violate the data security of Baseus's users, employees, agents, services or systems during the vulnerability discovery process.
- Maintain communication and cooperation during the disclosure process and avoid disclosing information about the vulnerability prior to the negotiated disclosure date.
- Baseus is not currently operating a vulnerability bounty program.
How Baseus Deals with Vulnerabilities
Baseus encourages customers, vendors, independent researchers, security organizations, etc. to proactively report any potential vulnerabilities to the security team. At the same time, Baseus will proactively obtain information about vulnerabilities in Baseus products from the community, vulnerability repositories and various security websites. In order to be aware of vulnerabilities as soon as they are discovered.
Baseus will respond to vulnerability reports as soon as possible, usually within five business days.
Baseus customer service team will work with the product team to perform a preliminary analysis and validation of the report to determine the validity, severity and impact of the vulnerability. We may contact you if we need more information about the reported vulnerability.
Once the vulnerability has been identified, we will develop and implement a remediation plan to provide a solution for all affected customers.
Remediation typically takes up to 90 days and in some cases may take longer.
You can keep up to date with our progress and the completion of any remediation activities.
Support Period of Security Update
We will do our utmost to provide continuous security updates for our products, the support period of security update is actively maintained at least two years from the day of launching on certain product models, for more details please refer to the software update.
Updates to this Product Security Policy
We may update this Product Security Policy from time to time, so please review it frequently. If we change our Product Security, we will post the revised version here, with an updated revision date.
How to Contact Us
Should you have any Product Security related questions or comments related to this Product Security Policy, please contact us at care@baseus.com
If you have complaints or concerns about this Product Security Policy, please contact us via the above email. We treat all complaints about a breach of the Product Security Policy seriously. Someone from Baseus.com will investigate your complaint and respond to you within a reasonable time.