Vulnerability Disclosure Policy

This policy explains how to report suspected vulnerabilities safely and legally.

Last updated: June 12, 2026

Designed to support PDPA-aware safeguarding operations in Thailand.

Child Protect Platform helps schools and child-focused organizations improve data control, evidence preservation, user access, and auditability in ways that support responsible Thailand-focused safeguarding operations.

How to report

Report suspected vulnerabilities to security@childprotect.co. Include a clear description, affected URL or component, reproduction steps, potential impact, and safe proof-of-concept details. Do not include child data, real evidence, credentials, or confidential records.

Good-faith testing

Good-faith reports are welcome when testing is limited, non-destructive, and does not access, modify, exfiltrate, disclose, or disrupt data or services. Testing should be limited to public pages or systems you are expressly authorized to test.

Prohibited activity

  • Accessing, downloading, changing, or deleting data that does not belong to you.
  • Denial of service, spam, social engineering, phishing, physical attacks, or malware.
  • Testing against tenant or school accounts without written authorization.
  • Public disclosure before the issue is resolved and coordinated.

Response process

Reports will be reviewed, prioritized by severity, and remediated based on risk. We may ask for additional information. Public acknowledgement may be provided where appropriate and lawful.

Safe harbor position

We will not pursue legal action for good-faith research that follows this policy, avoids harm, and does not violate privacy or disrupt services. This statement does not authorize unlawful activity or testing of third-party systems.