Responsible Disclosure

Download PDF

Last updated: 23 november 2025

Rotjedam is operated by C’est Vu B.V.

At C’est Vu B.V., we take the security of our systems seriously. Despite our best efforts,
it’s possible that a security vulnerability might exist. If you discover such a vulnerability,
we appreciate your help in disclosing it to us responsibly so we can address it as soon
as possible.

We are committed to working with security researchers to better protect our systems
and customers.

 

What We Ask of You

If you discover a security issue, please:

  1. Report it to us immediately by emailing privacy@cestvu.com.
  2. Do not exploit the vulnerability, for example by:
    • Downloading excessive amounts of data;
    • Accessing, modifying, or deleting data belonging to others;
    • Making changes to systems;
    • Uploading malware or launching denial-of-service (DoS) attacks.
  3. Avoid social engineering, phishing, or physical intrusion.
  4. Provide enough information for us to reproduce the issue. Typically, an IP address or
    URL and a description of the vulnerability is sufficient. For more complex issues, we
    may request additional details.
  5. Do not share the vulnerability with others until we’ve resolved the issue.

 

What You Can Expect From Us

  1. We will acknowledge your report within 5 business days and provide an estimated
    timeline for resolution.
  2. We will treat your report confidentially and will not share your personal information
    without your permission, unless legally required.
  3. We will keep you informed about the progress of the fix.
  4. If your report follows the rules outlined above, we will not take legal action against
    you. We view your actions as a contribution to the security of our systems.
  5. With your consent, we may list your name on our Security Acknowledgements page
    as a thank you. At this time, we do not offer monetary rewards, but depending on
    the severity of your findings, you may be eligible for a Dad Hat or a Hoodie in a color
    of your choice (bug bounties).

 

Exceptions

This policy does not apply to:

  • Automated vulnerability scans performed without prior permission;
  • Penetration tests conducted outside of a formally approved scope;
  • Activities that intentionally cause harm to our infrastructure or users.

 

For Students and Penetration Testers

If you are performing a test as part of a course or internship, prior approval and a
signed waiver agreement (NDA) are required. Scope, timing, and communication
must be agreed upon in advance.

 

Final Note

By reporting a vulnerability, you agree to comply with this policy. This Responsible
Disclosure Policy is based on best practices as recommended by the
National Cyber Security Centre (NCSC).

 

Contact

If you have any questions about this Responsible Disclosure Policy, You can contact us:

C’est Vu B.V.
Rotjedam is a label of C’est Vu B.V.

+31 85 400 5555

info@rotjedam.nl
privacy@cestvu.com
legal@cestvu.com

Registered at the Dutch Chamber of Commerce (KVK): 95479848