Vulnerability Disclosure Policy

We are committed to keeping our systems and users safe. This policy authorizes and encourages good-faith security research. If you believe you have found a vulnerability in any of our systems, we want to hear from you. Our systems encompass portals at *.gtsvirtualhealth.net, app GTS VirtualHealth, and app GTS SmartShare.

Authorization

We authorize good-faith security research on systems and services operated by this organization. Researchers who act in accordance with this policy will not be pursued in connection with their research activities.

Scope

This policy applies to all systems, applications, and services owned and operated by our organization, including web applications, APIs, and network infrastructure.

Out of scope
    • Third-party services and platforms we do not control
    • Social engineering or phishing of our staff or users
    • Physical attacks against our facilities or hardware
    • Denial-of-service or volumetric attacks
What we ask of you
  • Do not access, modify, or delete data that does not belong to you
  • Do not disrupt production services or degrade user experience
  • Report findings promptly and provide sufficient detail to reproduce the issue
  • Give us a reasonable window to respond before any public disclosure
Disclosure timeline

We ask that you allow us a reasonable period—typically 90 days from initial report—to investigate and remediate a vulnerability before public disclosure. We do not require indefinite non-disclosure. If a timeline extension is needed, we will communicate with you openly.

Your Name
Optional — anonymous reporting is supported.
Optional — anonymous reporting is supported.
1000 character limit
1000 character limit
Drag & Drop Files, Choose Files to Upload You can upload up to 4 files.
Allowed extensions: png, gif, jpg, pdf. Max File Size: 15 MB. Max Files: 4.