Cybersecurity and Vulnerability Disclosure Policy

At Track Machines Connected Gesellschaft m.b.H (tmc), we are committed to maintaining the security and integrity of our products, services, and infrastructure. We recognize the importance of security research and welcome reports of potential vulnerabilities submitted in accordance with this policy. 

  1. Scope

This policy applies to all publicly accessible systems and applications developed or maintained by tmc, including but not limited to: 

  • Browser-based platforms (e.g., tmOS) 
  • Hardware-integrated systems (e.g., tmMCO) 
  • Backend APIs and associated infrastructure 

Out of Scope and not authorized are: 

  • Reports from automated scanning tools 
  • Network denial of service (DoS or DDoS) tests or other tests that impair access to or damage a system or data 
  • Physical testing (e.g. office access, open doors, tailgating), social engineering (e.g. phishing, vishing), or any other non-technical vulnerability testing  
  1. How to Report a Vulnerability

Please send your report to:
security@tmconnected.com or submit it via this form

Your report should include: 

  • A detailed description of the vulnerability 
  • Affected system or service (e.g., tmOS, tmMDC, tmA2, tmENV) 
  • Technical details and reproduction steps 
  • Optional: Proof-of-concept code or screenshots 
  • Your preferred contact information 
  1. Our Commitment

We will: 

  • Acknowledge your submission within 10 business days 
  • Provide an initial assessment within 25 business days 
  • Keep you informed as we triage and resolve the issue 
  • Work with you to coordinate public disclosure (if applicable) 
  • Not pursue legal action against you if you act in good faith and comply with our disclosure policy 
  1. Data Handling

Any personal data submitted to us will be processed in accordance with our Privacy Policy (Link). We will only use your information to evaluate and respond to your report.  

  1. Acknowledgment

If you wish, we may publicly acknowledge your contribution once the issue is resolved, subject to mutual agreement. 

  1. Responsible Contact

This policy is overseen by our Chief Information Security Officer:
Michael Wachert-Rabl, CISO, Track Machines Connected 

Contact: security@tmconnected.com  

This policy was last updated on 5 August 2025. 

Contact Us