Vulnerability Disclosure Policy

Introduction
At Deepdots, the security of our systems and the protection of our users’ data is our top priority. We appreciate the contribution of the security research community and welcome reports of potential vulnerabilities in our systems.

Reporting a Vulnerability
If you believe you have discovered a security vulnerability in one of our products or platforms, please report it to us as soon as possible. Please use our contact form and share your findings.

In your report, please include:

• A description of the vulnerability and its potential impact.
• Steps to reproduce the issue (including scripts, screenshots, or videos if available).
• The specific URL or component affected.

Our Commitment

If you report a vulnerability to us in accordance with this policy, we commit to:

• Acknowledge receipt of your report promptly (usually within 2-3 business days).
• Review and verify the issue.
• Work to resolve the issue in a timely manner.
• Not pursue legal action against you (Safe Harbor), provided you act in good faith and follow the guidelines below.

Guidelines & Scope

We ask that you:

• Make every effort to avoid privacy violations, degradation of user experience, and disruption to production systems.
• Do not access, modify, or delete data that does not belong to you.
• Give us reasonable time to correct the issue before making any information public.

Out of Scope (Do not test)

• Social engineering (phishing) of our employees or contractors.
• Physical security of our offices.
• Denial of Service (DoS/DDoS) attacks.
• Automated scanning tools that generate significant traffic.

Compensation

Please note that Deepdots does not currently maintain a paid bug bounty program. We do not offer financial rewards for vulnerability reports. However, we may offer a sincere “thank you” or public acknowledgment for significant contributions, at our discretion.