Product Security Policy

This Product Security Policy applies to any potential vulnerabilities you wish to report to us. We recommend reviewing this policy in full before submission and ensuring that all actions remain consistent with the principles outlined herein.

Our Commitment to Product Security

At MIOFIVE, we take product security seriously. If you identify a potential vulnerability in our dashcams or related systems, we encourage you to report it to us. Your responsible disclosure helps us protect our users and continuously improve the integrity of our products.

How to Report a Security Vulnerability

If you believe you have found a security vulnerability, please submit your report to us using the following link/email:

support@miofive.com

Please include as much relevant detail as possible to help us understand and assess the issue.

What Happens After You Submit a Report

Once we receive your report, we will:

1. Acknowledge receipt within 7 working days.

2. Assess and triage the report—usually within 10 working days.

3. Engage with you if further technical details are needed.

4. Coordinate remediation internally and aim to resolve confirmed issues in a timely manner.

Once the vulnerability has been identified, we will develop and implement a remediation plan to provide a solution for all affected customers.

Remediation typically takes up to 90 days and in some cases may take longer.

5. Support coordinated disclosure once the issue has been addressed. We appreciate working together to ensure consistent communication with affected users.

Reporting Guidelines

To help us assess your report effectively, please include:

- Affected product model

- Firmware/software version

- Clear description of the issue

- Supporting evidence (e.g., screenshots, proof-of-concept)

We kindly ask that you refrain from publicly disclosing the vulnerability until we have completed our investigation and remediation.

Please Do Not:

- Break any applicable laws or regulations

- Access, modify, or delete any data that is not your own

- Use automated or destructive scanning tools

- Attempt denial-of-service attacks

- Disrupt or degrade services

- Submit non-actionable issues or theoretical concerns (e.g., missing HTTP headers)

Legal and Privacy Notes

- Conduct all research ethically and lawfully

- Respect user privacy and data protection

- MIOFIVE does not currently operate a vulnerability bounty program

- We reserve the right to update this policy as needed

Legal Disclaimer

This policy is intended to align with widely accepted best practices for responsible vulnerability disclosure. It does not grant permission to engage in any activity that would contravene applicable laws or regulations, or that could result in the Organisation—or its partners—being in breach of legal, regulatory, or contractual obligations. Individuals acting under this policy are solely responsible for ensuring their actions remain lawful at all times.

Information on Minimum Security Update Periods

MIOFIVE is committed to providing timely security updates to ensure the continued safety and reliability of its products. For the dash cam models covered by this policy, we guarantee a minimum of three (3) years of security update support from the date of first sale.

MIOFIVE reserves the right to revise or extend the security update period where appropriate, based on product lifecycle considerations, user impact, and emerging security risks. Any such changes will be made transparently and communicated through our official channels.

Last updated: July 2025