Request a Demo
Our Top Courses

<span style="color: rgba(0, 0, 0, 0.85); font-family: Roboto, sans-serif; font-size: 18px; background-color: #fafafa;">DigiAssess is a digital assessment platform that enables institutions to design, conduct, evaluate, and improve assessments, including examinations, results, learning outcomes, accreditation, and quality assurance.</span>

Request a Demo

Vulnerability Disclosure Policy

  • Home
  • Vulnerability Disclosure Polic ...

Vulnerability Disclosure policy 

Introduction

DigiVal Solutions (“DigiVal”, “we”, “our”, or “us”) is committed to maintaining the confidentiality, integrity, and availability of its systems, platforms, and user data, including the DigiAssess platform.

This Vulnerability Disclosure Policy (“Policy”) sets out the framework under which security researchers, users, and third parties (“Researchers” or “you”) may responsibly identify and report potential security vulnerabilities affecting DigiVal systems.

This Policy does not create any contractual obligation or legally binding agreement on DigiVal, except as expressly stated. 

Reporting of Vulnerabilities

Any suspected or identified vulnerability shall be reported promptly to DigiVal at:

Email: securityadmin@digivalsolutions.com 

All reports must, at a minimum, include:

  • A clear and detailed description of the vulnerability 
  • Step-by-step instructions sufficient to reproduce the issue 
  • Identification of affected systems, endpoints, or URLs 
  • An assessment of the potential impact and severity 
  • Supporting evidence, including but not limited to screenshots, logs, or proof-of-concept material 

DigiVal reserves the right to request additional information where reasonably required to assess or validate the reported vulnerability.

DigiVal Commitments

Subject to the completeness and legitimacy of the report, DigiVal shall use commercially reasonable efforts to:

  • Acknowledge receipt of a vulnerability report within two (2) to three (3) business days 
  • Assess, triage, and validate the reported vulnerability in a timely manner 
  • Implement appropriate remediation measures based on risk prioritisation 
  • Provide periodic status updates, at DigiVal’s discretion 

Nothing in this Policy shall be construed as an obligation to resolve all reported vulnerabilities within a specific timeframe.

Scope of Application


In-Scope Systems

This Policy applies to vulnerabilities identified in DigiVal-owned or controlled systems, including:

  • Public-facing websites and web applications 
  • APIs and backend infrastructure 
  • Mobile applications (Android and iOS) 

Out-of-Scope Activities

The following activities are expressly prohibited and excluded from this Policy:

  • Social engineering, phishing, or manipulation of personnel 
  • Physical intrusion or security testing of facilities 
  • Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attacks 
  • Automated or high-volume scanning that degrades system performance 
  • Testing that results in disruption, degradation, or compromise of data integrity 

Any activities outside the permitted scope may result in appropriate legal action, at DigiVal’s discretion.

Responsible Disclosure Obligations

As a condition of protection under this Policy, you agree to:

  • Act in good faith and in a manner consistent with applicable laws and regulations 
  • Limit testing strictly to the extent necessary to demonstrate the vulnerability 
  • Refrain from accessing, altering, exfiltrating, or destroying data belonging to DigiVal or its users 
  • Avoid any action that disrupts or degrades DigiVal services 
  • Maintain strict confidentiality and refrain from public disclosure until expressly authorised by DigiVal in writing 

 

DigiVal retains sole discretion in determining whether a disclosure has been made responsibly.

Researchers shall not retain, store, or process any personal data accessed during testing and must securely delete such data immediately after reporting. 

Safe Harbor

Subject to full compliance with this Policy, DigiVal reserves the right to take appropriate legal action, but does not intend to initiate legal proceedings against Researchers, provided that the Researchers strictly comply with this Policy.

This Safe Harbor provision does not apply where:

  • There is evidence of malicious intent, exploitation, or misuse 
  • Applicable laws or regulations are violated 
  • Third-party systems or data are impacted 

Intellectual Property and Use of Submissions

The Researchers retain ownership of their submission. However, by submitting a vulnerability report, the Researchers grant DigiVal a non-exclusive, perpetual, irrevocable, royalty-free, worldwide licence to use, reproduce, modify, and incorporate the reported findings for security, operational, and business purposes.

No compensation shall be due unless explicitly agreed in writing.

Recognition

DigiVal may, at its sole discretion, acknowledge Researchers for valid vulnerability disclosures. Any such recognition shall be subject to:

  • Internal approval processes 
  • Compliance with confidentiality requirements 
  • Absence of any legal or contractual restrictions 

Limitation of Liability

To the maximum extent permitted under applicable law, DigiVal shall not be liable for any damages, losses, or claims arising out of or in connection with participation in this Policy or any testing conducted by Researchers. All activities undertaken by Researchers are at their own risk.

Reservation of Rights

DigiVal reserves all rights not expressly granted under this Policy. Without limitation, DigiVal reserves the right to determine, at its sole discretion, the validity, scope, and impact of any reported vulnerability, and to take such actions as it deems appropriate. 

Policy Updates

DigiVal reserves the right to amend, modify, or withdraw this Policy at any time without prior notice. Continued participation following such updates constitutes acceptance of the revised Policy.

No Waiver

Failure by DigiVal to enforce any provision of this Policy shall not constitute a waiver of its rights. 

Governing Law and Jurisdiction

This Policy shall be governed by and construed in accordance with the laws of the Dubai International Financial Centre (DIFC). 

Any dispute, controversy, or claim arising out of or in connection with this Policy, including any question regarding its existence, validity, interpretation, performance, or termination, shall be subject to the exclusive jurisdiction of the courts of the DIFC. 

Contact

For all vulnerability disclosures and security-related communications:

Email: securityadmin@digivalsolutions.com 

footer logo
DigiVal IT Solutions Limited
Unit 13B, Level P7, Damac Park Towers,
Dubai International Financial Centre (DIFC),
Dubai, United Arab Emirates

Platform

Solutions

Features

Who We Serve

Resources

Blog

Case Studies

eBook

Sustainability

Company

About Us

Contact Us

Compliance

Data Security

Accreditation Policy

Cookie Policy

Privacy Policy

Terms and Conditions

Accessibility

Vulnerability Disclosure

©2026. All rights reserved by DigiAssess.

[academy_login_form]