# IT Security Vulnerability and Incidents Reporting Policy

Ensuring the security and integrity of the systems of chargers from XCharge is a top priority. We appreciate your cooperation in helping us maintain a safe and secure environment for our chargers. If you discover any IT security vulnerabilities or incidents, please follow the guidelines below to report them.

## 1. Identify the Issue

Before reporting, ensure that you have identified the issue correctly. Gather as much information as possible, including:

-	Description of the vulnerability or incident: Provide a detailed explanation of the issue.
-	Steps to reproduce: If applicable, include the steps needed to reproduce the vulnerability.
-	Impact: Describe the potential impact of the vulnerability or incident on our systems or data.
-	Evidence: Attach any relevant evidence, such as photos, screenshots, logs, or error messages.

## 2. Reporting the Issue

To report any security or privacy concerns related to chargers or platforms from XCharge, please contact us at itsecurity@xcharge.com.

You can use XCharge Security PGP key to encrypt sensitive information in your email. Upon receipt, we will send you an automatic acknowledgment email. If you do not receive this email, please verify the email address and resend your message. We may follow up with additional emails if we require further information to investigate the security issue. Please provide comprehensive details of the suspected vulnerability so our security team can validate and reproduce the issue.

For our customers' protection, XCharge typically does not disclose, discuss, or confirm security issues until a full investigation has been completed and any necessary patches or updates are available.

Notifications from XCharge Product Security are signed with the XCharge Security PGP key. We recommend verifying the signature to ensure the document is authentic and has not been altered.

## 3. Provide Detailed Information

When reporting, include the following details:

-	Your Contact Information: Name, email address, and phone number.
-	Detailed Description: A clear and concise description of the vulnerability or incident. Additionally, the SN number of the charger and where is the charger installed. 
-	Steps to Reproduce: Detailed steps to reproduce the issue, if applicable.
-	Impact Assessment: Your assessment of the potential impact.
-	Evidence: Any supporting evidence, such as photos, screenshots, logs, or error messages.

## 4. Our Commitment

Upon receiving your report, we will conduct a thorough investigation of the reported issue, take appropriate measures to mitigate the vulnerability or address the incident, and keep you informed of the status and resolution of the issue.

## 5. Thank You
We appreciate your efforts in helping us maintain the security and integrity of our systems. Your cooperation is invaluable in ensuring a safe and secure environment for everyone. For any questions or further assistance, please do not hesitate to contact us at itsecurity@xcharge.com. Thank you for your vigilance and support.