Security Policy
Vulnerability Disclosure Policy
PulseRing Health Pty Ltd takes the security of our products and customer data seriously. We welcome responsible disclosure from security researchers and the broader community. This policy outlines how to report vulnerabilities and what you can expect from us in response.
Report a Vulnerability
If you have discovered a security vulnerability in PulseRing Pro's product, app, website, or infrastructure, please contact us directly. We commit to acknowledging your report within 5 business days.
vuln@pulseringpro.com.au
01 Our Commitment to You
PulseRing Health Pty Ltd is committed to working with security researchers who identify vulnerabilities in good faith. We will not pursue legal action against researchers who comply with this policy and act responsibly.
We believe that responsible disclosure makes our products safer for every customer. We treat security research as a collaborative effort and commit to the following response standards:
Acknowledgement: Within 5 business days of receiving your report
Initial Assessment: Within 14 business days — we will assess severity and scope
Status Update: Within 30 days — remediation timeline confirmed or explanation provided
Resolution Target: Critical vulnerabilities: within 30 days. High severity: within 60 days. Medium/Low: within 90 days
Credit: With your permission, we will publicly acknowledge your contribution
02 What to Include in Your Report
To help us investigate and resolve issues quickly, please include as much of the following as possible in your report to vuln@pulseringpro.com.au:
Helpful Information to Include
A clear description of the vulnerability and its potential impact
Step-by-step instructions to reproduce the issue (proof of concept)
The affected component (website, mobile app, device firmware, API)
Any tools, techniques, or scripts used in discovery
Screenshots, logs, or other supporting evidence
Your contact details if you wish to receive updates
03 Scope — What We Want to Hear About
We are interested in vulnerabilities affecting any PulseRing Pro products, services, and infrastructure. The following are examples of in-scope and out-of-scope issues:
In Scope
Authentication or authorisation bypass
Sensitive data exposure or leakage
Remote code execution on any system
Security flaws in the PulseRing Pro mobile app
Device firmware vulnerabilities
API security issues or data exposure
Insecure data storage or transmission
Out of Scope
Social engineering or phishing attacks
Physical attacks on devices or facilities
Denial of service (DoS/DDoS) attacks
Spam or email security issues unrelated to our product
Vulnerabilities in third-party services we use
Issues that require physical access to a user's device
Theoretical vulnerabilities without proof of concept
04 Safe Harbour — Our Promise to You
We consider security research conducted under this policy to be authorised and will not pursue civil or criminal action against researchers who:
Authorised Research Activities
Notify us promptly upon discovery of a vulnerability
Make every effort to avoid privacy violations, data destruction, or service disruption
Do not access, modify, or delete customer data beyond what is necessary to demonstrate the vulnerability
Do not exploit the vulnerability beyond proof-of-concept demonstration
Allow us reasonable time to remediate before any public disclosure
Do not conduct research on systems belonging to third parties
We ask that you give us a minimum of 90 days to remediate a reported vulnerability before publicly disclosing it, or contact us to agree on a coordinated disclosure timeline.
05 Cyber Security Compliance
PulseRing Pro is designed and built in compliance with the March 2026 Australian Cyber Security Rules for Smart Devices. Our security commitments include:
🔐 Unique Per-Device Credentials
🔄 5-Year Software Support
📢 Public Vuln Disclosure
🇦🇺 AU Data Storage
🛡️ Privacy Act 1988 Compliant
Policy Version: 1.0
Effective Date: March 2026
Review Cycle: Annual
Contact: vuln@pulseringpro.com.au
Software Support Until: Minimum June 2031
Questions About This Policy?
If you have questions about this vulnerability disclosure policy, or are unsure whether a finding falls within scope, please contact us before conducting research. We're happy to clarify.
vuln@pulseringpro.com.au