RESPONSIBLE DISCLOSURE PROGRAM

As a leader in digital banking, Swissquote cares deeply about information security.

Maintaining the confidentiality, integrity and availability of our systems and services is an essential part of our daily operations.

Program

Swissquote Group currently does not run a bug bounty program and does not authorise active research into vulnerabilities affecting its websites and services. Nevertheless, if you discover a security vulnerability, we would greatly appreciate your cooperation in disclosing it to us responsibly.

Reporting Guidelines

Reports should be sent by email to vulnerability_disclosure@swissquote.ch and include all the information you consider necessary to explain the issue and how it was found.

A typical vulnerability report contains the following information:

  • a description of the vulnerability and its potential impact;
  • a list of the affected hosts, services or URLs;
  • the steps required to reproduce the vulnerability;
  • how you discovered the vulnerability;
  • your contact details.

Submit only one vulnerability per report, unless a chain of vulnerabilities is needed to demonstrate the impact. We will acknowledge receipt of your report, but we will not provide further information about the outcome of our investigation.

Strictly Forbidden Activities

As stated above, active research of vulnerabilities (e.g., scans) is not authorised. Also note that the following activities are strictly forbidden and monitored: 

  • any activity that could lead to the disruption of our services (DoS, DDoS, spam, etc.);
  • any activity that would threaten the integrity of user data; 
  • any activity that would breach the confidentiality of user data; 
  • usage of automated tools to find vulnerabilities; 
  • any fraudulent transaction.

Swissquote Group reserves the right to bring any legal action against any person acting in a manner considered as illegal, illicit or as infringing the above. 

Scope

This program applies to the following: 

  • domains where Swissquote Group Holding SA is listed as the Registrant Organisation, more specifically domains under "swissquote.ch" and "swissquote.com"; "library.swissquote.com" is excluded from the above;
  • domains where YUH SA is listed as the Registrant Organisation; 
  • mobile applications published by Swissquote Mobile on the Android Play Store; 
  • mobile applications published by Swissquote on the Apple Store. 

Certain vulnerabilities are considered out of scope for this program. These include: 

  • outdated or vulnerable software versions if no clear exploitability can be demonstrated; 
  • bugs requiring non-trivial prior knowledge, such as a session token, as a prerequisite;
  • missing best practices in SSL/TLS configuration; 
  • social engineering related issues; 
  • physical security of Swissquote Group property. 
