Security Vulnerability Disclosure Policy

The security of our customers and their data is a priority for TEKCE. If you believe you have found a security vulnerability in any of our services, we want to hear from you and we will work with you to resolve it. TEKCE operates international real estate services across multiple countries. Many of our customers make significant financial decisions through our platform, so protecting their information matters to us. We welcome reports from security researchers acting in good faith and we are committed to working with you to understand and resolve any issue quickly.

How to Report a Vulnerability

Please send your report by email to [email protected]. To help us assess and reproduce the issue, include as much of the following as you can:

• A clear description of the vulnerability and its potential impact.
• The exact URL, page, or endpoint affected.
• Step-by-step instructions to reproduce it, including any required accounts or test data.
• Proof of concept material (screenshots, request and response samples, or a short video) wh ere relevant.
• Your name or alias, if you would like to be credited.

Please do not include real customer personal data in your report. If a finding exposes such data, describe it without copying the data itself.

In scope
The tekce.com tekce.org websites and its public pages.
TEKCE official online services and customer portals.

Out of Scope
Third-party platforms and services we do not operate.
Findings from automated scanners without a working proof of concept.
Reports based solely on outdated software versions without a demonstrated, exploitable impact.

Guidelines for researchers

When investigating, we ask that you:

• Act in good faith and avoid any action that could harm our systems, our service, or our customers.

• Access only the minimum data necessary to demonstrate the issue, and never view, modify, save, or share other people's data.
• Do not run denial of service tests, automated high volume scanning, social engineering, phishing, or physical attacks against our staff or offices.
• Give us a reasonable amount of time to investigate and fix the issue before sharing any details publicly.
• Comply with all applicable laws.

What you can expect from us

We will acknowledge receipt of your report, normally within 3 business days.
We will investigate, keep you informed of our progress, and let you know once the issue is resolved.
We will treat your report confidentially and will not share your personal details without your permission.

Safe harbor

We consider security research and vulnerability disclosure conducted in line with this policy to be authorized and carried out in good faith. We will not pursue legal action against researchers who follow this policy, who act in good faith, and who avoid privacy violations, data destruction, and service disruption. If legal action is initiated by a third party against you for activities conducted in accordance with this policy, we will make this authorization known.

Recognition

We are grateful to the researchers who help keep TEKCE and our customers safe. With your permission, we are happy to publicly acknowledge your contribution once an issue has been resolved. TEKCE does not currently operate a paid bug bounty program.

Contact
Security reports: [email protected]