Play Responsible

Our Responsible Disclosure Guidelines

At Mypowerballstrike.co.nz we are committed to protecting our Players – and this means keeping our systems and information secure and private. If a security expert or researcher or member of the public (Reporter) believes they have identified a security issue with our systems or website, we encourage reporting of that information to us responsibly. We are committed to working with the Reporter to get that issue fixed.

Provided the Reporter adheres to our Responsible Disclosure Guidelines below when a security issue is discovered and reported, we will receive this issue on a “no blame” basis. This means we won’t take legal action against the Reporter, and such Reporter will not be restricted from accessing Mypowerballstrike.co.nz or the Mypowerballstrike.co.nz App (where such Reporter is already a Player).

However, Mypowerballstrike.co.nz reserves all its legal rights if the Reporter does not follow the Responsible Disclosure Guidelines.

If you are undertaking security testing, please:
Use your best efforts to avoid:
A breach of the privacy of individuals
Anything that will slow the system down for users
Disruption or damage to any “live” systems
Destruction of data
Any illegal activity (including crimes in sections 248 to 252 of the New Zealand Crimes Act 1961)
Perform research only within the Scope, as outlined below
Delete, and do not share, any Mypowerballstrike.co.nz confidential information or personal information you might have obtained.
Keep information about any security issues with our systems that you’ve discovered confidential between yourself and Mypowerballstrike.co.nz until we’ve had an opportunity to fix them.

Our commitment to you
If you follow the Responsible Disclosure Guidelines when reporting an issue to us, we commit to:
Being as open and straightforward as possible
Keeping your information confidential within Mypowerballstrike.co.nz and the relevant technology provider, unless we must disclose it because:
A third party discovers and releases the security issue within our system before we’ve had the chance to resolve it; or
The information on the security issue within our system is used to cause a privacy breach and Mypowerballstrike.co.nz is required to handle the breach as per the Privacy Act 2020; or
To protect the personal information and safety of our Players
Not taking any legal action against you related to your research
We will acknowledge your report of the issue within two-three business days of receiving it and will provide you with regular updates of our progress in fixing it.
We will also recognise your help, where appropriate, with a letter of acknowledgment if you are the first to report the issue and we make a code or configuration change based on the issue.

Please note that:
If the report results in a configuration or code change, Mypowerballstrike.co.nz will work to fix the issue as a priority as soon as possible.
We do not currently offer any rewards, run a bug bounty program, or participate in an external scheme.

Scope

Websites and systems in scope of this standard
The scope of these guidelines includes the following Mypowerballstrike.co.nz websites and systems:
Mypowerballstrike.co.nz.co.nz
The Mypowerballstrike.co.nz iOS Mobile Application
The Mypowerballstrike.co.nz Android Mobile Application

Services out of the scope of this standard
To protect the safety of our Players, our employees, our systems, and you, the following test types are excluded from scope:
Findings from physical testing such as office access (e.g. open doors; tailgating; compromising access cards)
Findings derived mainly from social engineering (e.g. phishing, whaling)
Findings from applications or systems not listed in the ‘In Scope’ section
UI and UX bugs (e.g., cosmetic bugs) and spelling mistakes
Network level Denial of Service (DoS/DDoS) weaknesses
Any form of unauthorised Penetration Testing of our services
Obtaining personal information or potentially threatening the safety of players
Destruction or corruption of (or attempts to destroy or corrupt) data or information that belongs to Mypowerballstrike.co.nz. This includes any information that may be about you or your access to our systems.

How to report a security issue
To report a security issue, please send a PGP encrypted email to privacy@ mypowerballstrike.co.nz — our PGP fingerprint is 3226 521C 2C9C 25E6 4752 A261 7AD9 740C 2F35 697C — including the following information:
Type of security issue
How you found the security issue
Whether the security issue has been published or shared with others
Affected configurations
Exposure or possible exposure of any personal information
Description of the location and potential impact of the security issue
A detailed description of the steps required to reproduce the issue or risk (Proof of concept scripts, screenshots, and compressed screen captures are all helpful to us)
Your name/handle for recognition

Contact us
Any inquiries regarding this standard should be directed to privacy@ mypowerballstrike.co.nz