We are an electric performance car brand, determined to improve the society we live in. We innovate to drive progress and create a better future. At Polestar we value security and recognise the importance of ensuring the integrity and confidentiality of global communications.
We are an electric performance car brand, determined to improve the society we live in. We innovate to drive progress and create a better future. At Polestar we value security and recognise the importance of ensuring the integrity and confidentiality of global communications.
If you believe you have discovered a vulnerability or have a security issue to report, please submit a bug report (See below for participation requirements). Polestar information security team will make best efforts to meet the following response timelines for researchers participating in our programme:
If you believe you have discovered a vulnerability or have a security issue to report, please submit a bug report (See below for participation requirements). Polestar information security team will make best efforts to meet the following response timelines for researchers participating in our programme:
*.polestar.com
(Ensure that the asset is owned and operated by Polestar.)
*.polestar.com
(Ensure that the asset is owned and operated by Polestar.)
Third-party websites:
Domains registered to Polestar, but hosted by a third party.
Third-party websites:
Domains registered to Polestar, but hosted by a third party.
Participation in the programme is a voluntary initiative. By participating in the programme, you agree to be bound by the terms specified in this programme. If you do not wish to, or cannot comply with these terms, you cannot participate in the programme.
Participation in the programme is a voluntary initiative. By participating in the programme, you agree to be bound by the terms specified in this programme. If you do not wish to, or cannot comply with these terms, you cannot participate in the programme.
You must meet the following criteria to be eligible to participate:
You must meet the following criteria to be eligible to participate:
- You must be either the legal age of majority in your country or at least 15 years of age with permission from your legal guardian that you may participate in the programme;
- When acting as a participant, you are not violating any other agreement to which you may be a party - we are not liable for any breach of such third party agreement by you and disclaim any knowledge of or responsibility for your conduct;
- You are not listed under or resident in a country that is under a US, Switzerland, European Union, or United Nations embargo or sanctions list; and
- You are not an employee, contractor, representative, or a family member of a Polestar employee, contractor, or representative
- Security issues/best practices that can’t be exploited with real impact
- Social engineering Polestar employees, contractors, or customers
- Denial of Service attack
- Email Spoofing
- Missing HTTP security headers, unless accompanied by a detailed proof of concept exploit that leverages their absence
- Use of a library with known vulnerabilities (without evidence of further exploitation)
- Reports of insecure SSL/TLS ciphers or weak signature algorithms, unless accompanied by a working proof of concept of an exploit
Send an email to vdp@polestar.com, Write your report with a clear explanation consisting of:
Send an email to vdp@polestar.com, Write your report with a clear explanation consisting of:
- Vulnerability Description
- Steps to Reproduce Vulnerability
- Proof of Concept Screenshots/Code
- Impact
- Remediation (Optional)
Polestar wishes to thank and acknowledge the security researchers who are the first to identify vulnerabilities. Thanks to their support and the countermeasures developed by us, we continue to enhance the security of our products and services.
Polestar wishes to thank and acknowledge the security researchers who are the first to identify vulnerabilities. Thanks to their support and the countermeasures developed by us, we continue to enhance the security of our products and services.
Any information that you access, acquire, receive or collect about us, our affiliates or any of our users, consumers, employees or agents (“Confidential Information”) must be kept confidential and used only to provide us with the specific reporting that is requested in these Terms. You may not use, disclose or distribute any such Confidential Information in any other manner without our prior written consent.
You agree that the Submission and the described Vulnerability shall be deemed the Confidential Information of Polestar and you shall not publish, discuss or disclose the Submission or the Vulnerability in any manner or to any third parties. You may publish and discuss the Vulnerability only after receiving notice that the Vulnerability is fixed, subject to the prior written consent of Polestar, which shall not be unreasonably withheld. Any publication shall not name Polestar or reveal any Confidential Information.
Any information that you access, acquire, receive or collect about us, our affiliates or any of our users, consumers, employees or agents (“Confidential Information”) must be kept confidential and used only to provide us with the specific reporting that is requested in these Terms. You may not use, disclose or distribute any such Confidential Information in any other manner without our prior written consent.
You agree that the Submission and the described Vulnerability shall be deemed the Confidential Information of Polestar and you shall not publish, discuss or disclose the Submission or the Vulnerability in any manner or to any third parties. You may publish and discuss the Vulnerability only after receiving notice that the Vulnerability is fixed, subject to the prior written consent of Polestar, which shall not be unreasonably withheld. Any publication shall not name Polestar or reveal any Confidential Information.
For the purposes of this programme “Intellectual Property Rights” means: including without limitation, rights in patents, trademarks, service marks, trade names, other trade-identifying symbols and inventions, copyrights, design rights, database rights, rights in know-how, trade secrets and any other intellectual property rights arising anywhere in the world, whether registered or unregistered, and applications for the grant of any such rights.
For the purposes of this programme “Intellectual Property Rights” means: including without limitation, rights in patents, trademarks, service marks, trade names, other trade-identifying symbols and inventions, copyrights, design rights, database rights, rights in know-how, trade secrets and any other intellectual property rights arising anywhere in the world, whether registered or unregistered, and applications for the grant of any such rights.
Nothing in this programme grants you any Intellectual Property Rights or any other rights or licenses in our products. You acknowledge and agree that Polestar shall own any and all content or data that is revealed, discovered, or accessed as a result of your participation in the programme.
Nothing in this programme grants you any Intellectual Property Rights or any other rights or licenses in our products. You acknowledge and agree that Polestar shall own any and all content or data that is revealed, discovered, or accessed as a result of your participation in the programme.
How we use your personal data:
How we use your personal data:
Polestar Performance AB (referred to as “Polestar”, “we” and “our”) process your personal data , name, e-mail address, when you report a bug to Polestar. The purpose of our processing is to administer the bug report and to contact you if we need more information about the bug you have reported. The legal basis for our processing is our legitimate interest to improve the security of our products and services. We retain your personal data until we agree that the reported vulnerability has been resolved.
Polestar share your personal data with processors that assist us in the process. These service providers include our cloud software and data hosting providers. The processing is limited by contract in their ability to use your personal data for any purpose other than to provide services for us in compliance with the data processing agreement in place. In relation data processors located outside of the EEA, where the destination country is not subject to an adequacy decision by the European Commission, we will transfer your personal data with the basis of the Standard Contractual Clauses adopted by the European Commission, available here. We take technical and organisational measures during the transfer to the relevant country outside the EU/EEA when necessary.
Polestar Performance AB (referred to as “Polestar”, “we” and “our”) process your personal data , name, e-mail address, when you report a bug to Polestar. The purpose of our processing is to administer the bug report and to contact you if we need more information about the bug you have reported. The legal basis for our processing is our legitimate interest to improve the security of our products and services. We retain your personal data until we agree that the reported vulnerability has been resolved.
Polestar share your personal data with processors that assist us in the process. These service providers include our cloud software and data hosting providers. The processing is limited by contract in their ability to use your personal data for any purpose other than to provide services for us in compliance with the data processing agreement in place. In relation data processors located outside of the EEA, where the destination country is not subject to an adequacy decision by the European Commission, we will transfer your personal data with the basis of the Standard Contractual Clauses adopted by the European Commission, available here. We take technical and organisational measures during the transfer to the relevant country outside the EU/EEA when necessary.
You have specific legal rights granted by the General Data Protection Regulation. You can object to our processing of your data, access the data we hold about you, ask for rectification or restriction of your data, request that we delete your data, and finally you can file a complaint with a data protection supervisory authority. In order to exercise your rights, please use this web form or contact our Data Protection Officer, contact details stated on polestar.com/privacy-policy
You have specific legal rights granted by the General Data Protection Regulation. You can object to our processing of your data, access the data we hold about you, ask for rectification or restriction of your data, request that we delete your data, and finally you can file a complaint with a data protection supervisory authority. In order to exercise your rights, please use this web form or contact our Data Protection Officer, contact details stated on polestar.com/privacy-policy