Securing your device with the latest updates is our top priority. We are committed to ensuring that our Baby Care devices, and any associated applications, are able to receive critical security updates for a minimum of four years from date of purchase.
LeapFrog is committed to ensuring the security of its customers by protecting their personal information from unwarranted disclosure. This policy is intended to give clear guidelines to security researchers on conducting vulnerability discovery activities and identification of any vulnerabilities discovered, along with a process for reporting these to LeapFrog.
This Policy does not apply to assets or other equipment owned by third parties. Vulnerabilities discovered or suspected in respect of the out-of-scope assets or equipment should be reported to the appropriate vendor or applicable authority.
To participate in the LeapFrog vulnerability disclosure programme, participants must:-
Prepared reports with any discovered vulnerabilities or suspected security concerns, should be sent by email to VulnerabilityReporting@vtech.com. We will investigate and make every effort to correct the vulnerability and/or address concerns. In order to help LeapFrog follow up concerns, we request reports in English (if possible), including the following information:
Reports may be submitted anonymously. LeapFrog will acknowledge receipt of a security issue(s) report as soon as practicable and will provide status updates until the resolution of the reported security issue(s).
If the issue reported affects a third-party library or other vendor, we reserve the right to forward the relevant details to that party without giving prior notice.
If a security researcher complies with this policy in conducting vulnerability discovery activities, we will consider those activities to be authorised. We will not initiate nor recommend any law enforcement or civil actions related to such activities.
We do not authorise, permit, or otherwise allow (expressly or implicitly) any person or legal entity to engage in any security research or vulnerability or threat disclosure activity that is inconsistent with this policy or the law. Any activities that are inconsistent with this policy or the law may lead to criminal and/or civil liabilities.
If legal action is initiated by a third party against you and you have complied with this policy, we will take steps to make it known that your actions were conducted in compliance with this Policy.
If at any time you have concerns or are uncertain whether your security research is consistent with this Policy, you are encouraged to discuss with us before you go any further. You may contact us by sending an email to VulnerabilityReporting@vtech.com.
Version: 2 Jan 2024
LeapFrog® is a registered trademark of LeapFrog Enterprises, Inc.
LeapFrog is a member of VTech Holdings Ltd. ©2024 VTech Telecommunications Ltd. All rights reserved.