🔐 Security Policy

Purpose

We take the security of our systems seriously and appreciate responsible disclosure of security vulnerabilities. This policy outlines how to report security issues to us in a safe and lawful manner.

🔎 Reporting a Vulnerability

If you discover a security vulnerability in our systems, please:

• Do not exploit the vulnerability (e.g., to view or alter data)
• Do not disclose the vulnerability publicly until we have addressed it
• Provide sufficient detail to help us reproduce the issue

Please send reports to: [email protected]

⏱️ What You Can Expect

• We will acknowledge your report within 72 hours
• We will investigate and may reach out for more information
• We will notify you when the issue is resolved (if valid)

🧭 Scope

This policy applies to:

• Public websites and applications operated by us
• APIs and other services we maintain

This policy does not cover:

• Third-party platforms or vendors (e.g., payment providers)
• Tests that affect service availability (e.g., DoS attacks)

✅ Acceptable Conduct

• You may conduct responsible testing of publicly available endpoints (e.g., for XSS, CSRF)
• Do not use automated scanning tools
• Do not access personal data, modify records, or attempt to log into other user accounts

📌 Disclaimer

We reserve the right to update this policy at any time. By submitting a vulnerability report, you agree to the terms in this policy.