Responsible Disclosure Policy

Last Updated: November 20, 2025

1. Introduction

At Call Center Solutions Africa, we take the security of our systems and the privacy of our users' data seriously. We recognize the important role that security researchers and the broader community play in keeping the internet safe.

This Responsible Disclosure Policy outlines how security researchers can report potential vulnerabilities in our systems in a responsible and coordinated manner. We appreciate your help in keeping our services secure.

2. Scope

This policy applies to the following systems and services:

  • Our main website: www.callcentersolutionsafrica.com
  • Our web applications and APIs
  • Our customer service platforms
  • Any other systems owned or operated by Call Center Solutions Africa

Out of Scope: The following activities are explicitly excluded from this policy:

  • Social engineering or phishing attacks
  • Physical security attacks
  • Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks
  • Attacks on third-party services or applications
  • Any activity that violates applicable laws or regulations

3. Reporting Vulnerabilities

If you discover a security vulnerability, please report it to us as soon as possible. To report a vulnerability, please send an email to:

Email: security@callcentersolutionsafrica.com

Please include the following information in your report:

  • A detailed description of the vulnerability and its potential impact
  • Steps to reproduce the vulnerability (proof of concept code, screenshots, or videos are helpful)
  • The affected system or component
  • Your contact information (we may need to follow up with you)
  • Any suggested remediation or mitigation steps (if applicable)

4. What to Expect

When you report a vulnerability, you can expect:

  • Acknowledgment: We will acknowledge receipt of your report within 48 hours
  • Initial Assessment: We will provide an initial assessment of the vulnerability within 7 business days
  • Updates: We will keep you informed of our progress in addressing the vulnerability
  • Resolution: We will work to resolve the vulnerability as quickly as possible, typically within 90 days depending on the severity
  • Recognition: With your permission, we may recognize your contribution to our security (if you wish to be credited)

5. Guidelines for Responsible Disclosure

To ensure a safe and coordinated disclosure process, please follow these guidelines:

  • Act in Good Faith: Only access or modify data that is necessary to demonstrate the vulnerability
  • Respect Privacy: Do not access, modify, or disclose any personal data beyond what is necessary to demonstrate the vulnerability
  • Avoid Disruption: Do not disrupt our services or impact our users' experience
  • Keep It Confidential: Do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it (typically 90 days after our acknowledgment)
  • No Malicious Activity: Do not engage in any malicious activity, including but not limited to:
    • Installing malware
    • Exfiltrating data beyond what is necessary
    • Modifying or destroying data
    • Accessing accounts that do not belong to you

6. Safe Harbor

We will not pursue legal action against security researchers who:

  • Act in good faith and in accordance with this Responsible Disclosure Policy
  • Do not access, modify, or destroy data beyond what is necessary to demonstrate the vulnerability
  • Do not disrupt our services or impact our users
  • Report the vulnerability to us in a timely manner
  • Do not publicly disclose the vulnerability before we have had a reasonable opportunity to address it

Note: This safe harbor applies only to activities conducted in good faith and in accordance with this policy. Any activities that violate applicable laws or cause harm to our systems or users are not covered by this safe harbor.

7. Recognition and Rewards

While we do not currently operate a formal bug bounty program, we appreciate the valuable contributions of security researchers. We may, at our discretion:

  • Publicly recognize your contribution (with your permission)
  • Provide a token of appreciation for significant vulnerabilities
  • Offer early access to security patches or updates

We evaluate each report on a case-by-case basis, considering factors such as severity, impact, and quality of the report.

8. Severity Classification

We classify vulnerabilities according to the following severity levels:

  • Critical: Vulnerabilities that could lead to complete system compromise, unauthorized access to sensitive data, or significant service disruption
  • High: Vulnerabilities that could lead to unauthorized access to user data or significant impact on system functionality
  • Medium: Vulnerabilities that could lead to limited unauthorized access or moderate impact on system functionality
  • Low: Vulnerabilities with minimal impact or that require specific conditions to exploit

9. Contact Us

If you have any questions about this Responsible Disclosure Policy, please contact us at:

Email: security@callcentersolutionsafrica.com

General Inquiries: hello@callcentersolutionsafrica.com

Address: 7th floor, Mitsumi Business Park, Nairobi, Kenya

Solutions

ServicesIndustriesDelivery ModelsSecurity and Compliance

Resources

Africa CX Advantage ReportGlobal Compliance PlaybookCase Studies Library

Contact

7th floor, Mitsumi Business Park, Nairobi+254 701 850 850hello@callcentersolutionsafrica.comTalk to sales

Legal

Privacy PolicyTerms of ServiceData Processing AddendumResponsible Disclosure

© 2025 Call Center Solutions Africa. All rights reserved.