SECURITY MAINTENANCE PERIOD POLICY

BlackVue places the security of its products and services at the forefront of its priorities.

This dedication lies in the constant monitoring, detection, and correction of any security vulnerabilities that may emerge in its products, whether hardware, software or services, for the entire duration of their support period.

BlackVue guarantees that the support period for its products will be at least 5 years. Should the defined support period be extended for any reason, this will be communicated through this website or via the BlackVue app.

VULNERABILITY DISCLOSURE POLICY

NWX Limited, which operates under the trade name BlackVue UK as the exclusive distributor of BlackVue dashcams in the UK, offers products that adhere to the Product Security and Telecommunications Infrastructure (PSTI) Regulations 2023. These regulations set forth security requirements for connected devices sold in the UK.

The vulnerability disclosure policy we follow is applicable to any security issues you may identify and consider reporting to us. We advise you to read through our policy thoroughly before submitting a report and to always follow its guidelines.

We greatly appreciate the efforts of individuals who report security vulnerabilities in accordance with our policy.

If you have discovered a potential security vulnerability on our website or within any of our products, please send your findings to security@blackvue.co.uk. Include in your report:

• The specific location (URL or product) where the vulnerability was found.
• A concise explanation of the vulnerability type.
• Steps to reproduce the issue in a safe and non-harmful way, acting as a proof of concept. This approach allows us to swiftly and effectively assess the report, minimizing the chance of unreported duplicates or harmful exploitation of the vulnerability.

Upon receiving your report, we aim to reply within 5 working days and to assess (triage) the report within 10 working days. We intend to keep you updated on our progress.

The priority for addressing vulnerabilities is determined by evaluating their impact, severity, and the complexity of their exploitation. Please understand that resolving vulnerabilities may take time. While we welcome follow-up inquiries, we kindly ask that you limit these to no more than once every 14 days, allowing our team to concentrate on resolving the issue.

Once the reported vulnerability has been successfully addressed, we will notify you. You may then be invited to verify that the implemented solution effectively mitigates the vulnerability, ensuring a thorough and effective security enhancement.