SECURITY POLICY

MIXR LTD offers a wide range of services that are used by millions of people around the world.

Focusing on AR and location detection, MIXR LTD stores valuable data that we want to protect

from malicious threats. Security reports help us ensure the security of our data and players.

Thank you for your help!

Report a vulnerability

We appreciate the work of security researchers and would like to invite everyone who is willing to

take the time to help MIXR LTD to improve security to share their opinion with us. MIXR LTD is

committed to interacting with the community and is grateful for your contribution!

If you would like to report a security issue that you have discovered, be sure to read our terms and

conditions and comply with them before submitting reports to us.

Domains

*.mixr.tech

*.metatrace.me

*.mytrc.me

Services and corresponding servers

MetaTrace

TraceWallet

TraceMarket

MetaFora

Types of vulnerabilities

Disclosure of information such as application and version banners, stack traces, server errors, inter-

nal IP addresses, or path disclosure;

Brute force attacks using a username/password, account blocking, listing a username/email

address (attacks that go beyond blind testing may be considered);

Any physical attacks on MIXR LTD Facilities or Property or employees;

Any social engineering attacks (e.g. phishing, email spoofing or self-XSS);

Open redirects;

Problems with TLS/SSL;

Any exhaustion и disruptive атаки, such as (Distributed) denial of service, spam requests, slow-lo-

ris, etc.;

Click-jacking;

CSRF Issues Affecting Account Integrity;

Cookie security (e.g. secure flag);

Outdated or known vulnerable software (problems of high severity can still be considered depend-

ing on the possible impact);

Fraud incidents or problems related to in-game exploits.

We will make every reasonable effort to investigate and resolve the reported problem within 90

days. However, in some cases MIXR LTD may need more time, but we will contact you. Do not

share information about the report until MIXR LTD informs you that the problem has been solved,

so that attackers cannot use your information and do not harm the ecosystem of Services and

other users of these Services.

Do not change any data that you have accessed as a result of your investigation, so as not to harm

the ecosystem of Services and other users of these Services.

Avoid privacy violations and disruptions, including (but not limited to) affecting the quality of

service through (D)DoS, data deletion, or access to personal accounts (for example, through phish-

ing). You remain personally responsible for any privacy violations, failures, or any violations of

applicable laws or regulations that you commit, even if you participate in the search for security

vulnerabilities. Don't try to exploit the vulnerability (for example, don't try to access a machine or

perform a pivot/scan of an already compromised one to demonstrate additional risk).

Don't try to exploit the vulnerability (for example, don't try to access a machine or perform a

pivot/scan of an already compromised one to demonstrate additional risk).

Do not violate any other applicable laws or regulations.

You acknowledge that any report or information you provide to MIXR LTD constitutes a "Review"

as defined in our user agreement of the Terms of Service, and you agree to the said user agreement

of the Terms of Service.

You acknowledge that providing us with a report or any feedback does not entitle you to any remu-

neration, compensation or remuneration of any kind.