We committed to ensuring that Twenty-One products are secure in order to protect the privacy of our valued customers. We constantly strive to improve our safeguards for security and personal information in accordance with all applicable laws and regulations, and we welcome all reports from our customers about product-related security or privacy issues. Any information you supply to Twenty-One will only be used to help resolve the security vulnerabilities or issues you have reported. This process may include contacting you for further relevant information.

How to Submit a Vulnerability:

To submit a vulnerability report to Twenty-One Product Security Team, please utilise the following,

Email: support@what-if.sg

Your full name, and a means of contacting you. This can be an email address, a phone number or any other preferred way we can use to get in touch with you. If you provide a phone number, please include the full country code, area code and extension number (if applicable).

Full and detailed information about the issue you wish to report. This should include the following information, as applicable:

The name of the Twenty-One service(s) or system(s) that your concern relates to.

The product type, product name and model number of the affected hardware products.

The name, description and version number of any affected Twenty-One software products.

A full and detailed description of the problem or issue, along with any background information that you believe is relevant, and any other pertinent information that may help us reproduce and/or resolve the issue.

Responsible reporting guidelines

Do not attempt to access or modify any Twenty-One services, systems, products, or software without authorization.

Do not disclose, or modify, destroy or misuse any data you may discover.

All information given to or received from any party relating to the reported issues must remain completely confidential.

Expected vulnerability resolution

• Critical within 14 days of being verified

• High within 28 days of being verified

• Medium within 60 days of being verified

• Low within 100 days of being verified

If you have any inquiries, questions, comments or complaints about the security advisory page, please feel free to contact support@what-if.sg