Information security is paramount at Globality.

We invest considerable resources to provide a safe, secure platform to our partners, customers, and employees. Our dedicated information security team is committed to protecting our systems through continuous research, implementation of cutting-edge technology, and subject-matter expertise. Our security policy is guided by Globality’s core values, code of conduct, and business ethics. It dictates how we operate anywhere, any time.

Have questions, comments, or ideas? We want to hear!

The InfoSec Team at Globality promises a prompt reply to any valid query.

First Name *

Last Name *

Email Address *

Business Phone *

Company *

Job Title *

Job Role

Country *

Reason for contact *

Comments

Bug Bounty Program

Keeping our customers’ data secure is our top priority, and we encourage responsible reporting of any vulnerabilities that may be found in our systems or applications. Globality offers monetary rewards to software security researchers and white-hat hackers who report software vulnerabilities that have potential to be exploited. Bug reports must document enough information, obey all the rules (below), and never violate any of our provisos to be eligible for a reward. Payment amounts are commensurate with the impact of the bug reported and will be determined by Globality on a case-by-case basis.

What you can and can't do

You can’t access or attempt to access anyone else’s data.
You can’t destroy or corrupt (or attempt to) any data, system, or infrastructure component.
You can’t perform any attack that could harm the reliability/integrity of our services, such as DDoS or spam attacks.
If you find a bug, do not disclose it to anyone but us. Do not post it anywhere until we fix it.
You may only test for vulnerabilities on sites owned and operated by Globality.
You may not impact any of our users while doing your tests.
Nontechnical attacks (phishing, social engineering, physical attacks, etc.) are prohibited and ineligible for rewards.
You may not test any website forms (including lead and message forms). Such tests are automatically disqualified.
If you have any questions, concerns, or doubts, please contact us by submitting the form above.

What we will do

We will respond to your query/report as quickly as possible, usually within 24 hours.
We will update you on what we find and what we are going to do about it.
As long as you follow and abide by our rules, we will not engage in litigation against you.
If we determine that your finding is original and meaningful and has
impact and if you followed all our rules, we will reward you.

Examples of ineligible bugs

Bugs that don’t affect the latest version of modern browsers or bugs related to browser extensions
Reports that don’t include detailed steps to reproduce the issue
Insecure cookie settings for nonsensitive cookies
Bugs relating to the disclosure of public information or information that does not present significant risk
Bugs that have already been submitted by another user or that we are already aware of
Bugs in content/services that are not owned/operated by Globality,
including our third-party providers, cloud hosting services, and other
vendors (unless such bugs allow access to our data)
Automation attacks or brute forcing of any information, including usernames and passwords
Session termination, password reset requests, input validation and rate limiting on any contact forms. Exposed JS or HTML files.
Reports about email spoofing or email flooding via web forms.

How to report

Discreetly share full details of the suspected vulnerability with us by sending an e-mail to bugbounty@globality.com.

Include the following information:

A full description of the issue you discovered, including exploitation methodology and impact
Type of issue (cross-site scripting, buffer overflow, SQL injection, etc.)
Proof of concept and/or details of a URL demonstrating the issue
Details about any unique configuration required to reproduce the issue

How we reward

Globality will review your report and confirm that your finding is original, meaningful, impactful, and that you followed all of our rules. A Globality team member will contact you to disclose our decision and arrange payment of the monetary reward determined by the team. Our typical range of rewards is $250 to $10,000.

You can’t access or attempt to access anyone else’s data.
You can’t destroy or corrupt (or attempt to) any data, system, or infrastructure component.
You can’t perform any attack that could harm the reliability/integrity of our services, such as DDoS or spam attacks.
If you find a bug, do not disclose it to anyone but us. Do not post it anywhere until we fix it.
You may only test for vulnerabilities on sites owned and operated by Globality.
You may not impact any of our users while doing your tests.
Nontechnical attacks (phishing, social engineering, physical attacks, etc.) are prohibited and ineligible for rewards.
You may not test any website forms (including lead and message forms). Such tests are automatically disqualified.
If you have any questions, concerns, or doubts, please contact us by submitting the form above.

Whistleblower Program

Globality is committed to conducting its business in a way that is consistent with our ethics, values, and principles. Our whistleblowing program allows any interested party, including employees, vendors, contractors, consultants, and customers, to report any issues with the way in which Globality and its people do business. We use an independent external service provider to ensure that those who have genuine concerns have the confidence to raise them and are protected when they do so. Globality protects the identity of reporting individuals and will never disclose their identity to anyone without their express consent.

This program allows interested parties to report the following

Actions that may result in danger to the health and/or safety of people or damage to the environment
Violations of Globality’s security policies
Disclosing confidential and/or personal information to unauthorized parties
Abuse of Globality’s equipment or information systems
Inappropriate conduct by a manager, supervisor, or other person with authority
Criminal offenses, including fraud, bribery, corruption, and money laundering
Conflicts of interest
Anticompetitive behavior
Failure to comply with any legal obligation
Misuse of company assets, including unethical practices in finances,
internal accounting controls, financial reporting, and auditing matters
Any other legal or ethical concern
Concealment of any of the above

Whistleblowing program highlights

Any employee, contractor, customer, or any other interested party can file a report.
Reports can be filed anonymously.
Globality will make no effort to discover the identity of the reporter.
Globality will never retaliate against anyone who made a report in good faith.*
Globality will investigate each report to the best of its ability.
Reports and investigation results will be shared with the executive team.

* Unless the person making the report implicated themselves in illegal or unethical activity

Actions that may result in danger to the health and/or safety of people or damage to the environment
Violations of Globality’s security policies
Disclosing confidential and/or personal information to unauthorized parties
Abuse of Globality’s equipment or information systems
Inappropriate conduct by a manager, supervisor, or other person with authority
Criminal offenses, including fraud, bribery, corruption, and money laundering
Conflicts of interest
Anticompetitive behavior
Failure to comply with any legal obligation
Misuse of company assets, including unethical practices in finances,
internal accounting controls, financial reporting, and auditing matters
Any other legal or ethical concern
Concealment of any of the above

To use the reporting service, you may:

Any of the methods below can be used with full anonymity. Please note bug bounty requests should be submitted to bugbounty@globality.com and not through our whistleblowing program.

Call

1 866-921-6714 (USA)
or 0-800-092-3586 (UK)

Send an e-mail:

globality@integritycounts.ca

Visit

www.integritycounts.ca/org/globality
to file an online report.

Fax to

1 604.926.5668 (USA)

Mail to

PO Box 91880
West Vancouver BC V7V 4S4
Canada