Vulnerability Disclosure Policy

At Doozy, we prioritize the security and privacy of our users and systems. We welcome and appreciate the contributions of external security researchers who act in good faith to help us maintain a secure platform.

Reporting Vulnerabilities

If you discover a vulnerability or have security concerns, please report them to:

• Security: [email protected]
• CEO (Milo Hill): [email protected]

We commit to responding to all security-related inquiries within 24 hours.

Guidelines for Security Researchers

We kindly ask all security researchers to:

1. Act responsibly to avoid privacy breaches, service disruptions, and data loss during testing.
2. Provide clear, concise reports with proof-of-concept when possible.
3. Only use your own accounts or designated test accounts for research purposes.
4. Maintain confidentiality about any discovered vulnerabilities for 30 days after reporting, allowing us time to address the issue.

Our Commitments

If you adhere to these guidelines, we pledge to:

1. Not pursue or support any legal action related to your research.
2. Work diligently to understand and resolve reported issues promptly.
3. Provide an initial confirmation of your report within 24 hours.

Scope

This policy applies to all Doozy-owned properties, including our website (doozy.live), mobile applications, and API endpoints. Third-party integrations and social media accounts are not included in this scope.

We value the security community's efforts in helping us create a safer platform for all our users. Thank you for your cooperation and support in keeping Doozy secure.