Responsible Disclosure Policy

At Proven Valor, we take the security of our systems and user data very seriously. We value the contributions of security researchers and the broader security community, and we are committed to addressing security vulnerabilities promptly and effectively.

Reporting a Vulnerability

If you believe you have discovered a security vulnerability in any of our systems, products, or services, we encourage you to let us know right away. We appreciate your efforts to help us maintain a safe and secure environment for our users.

To report a vulnerability, please email us at [email protected].

Include the following details in your report:

  • A description of the vulnerability
  • The steps required to reproduce the issue
  • Any proof-of-concept code or screenshots (if available)
  • Your name and contact information (optional, but helpful for follow-up)

Our Commitment

We are committed to working with security researchers who submit vulnerability reports to us in good faith. As part of this commitment, we will:

  • Acknowledge receipt of your vulnerability report as soon as we can.
  • Provide an estimated timeline for addressing the vulnerability.
  • Notify you when the vulnerability has been addressed and, if applicable, publicly disclose the details of the fix.

Guidelines

To protect our users and systems, we ask that you:

  • Give us a reasonable amount of time to address the issue before disclosing it publicly.
  • Avoid violating privacy, destroying data, or disrupting our services while researching the vulnerability.
  • Make a good faith effort to avoid privacy violations and destruction of data.
  • Only interact with accounts you own or have explicit permission to test.

Legal

We will not take legal action against security researchers who report vulnerabilities to us in good faith and follow the guidelines outlined in this policy. However, we reserve the right to take legal action if there is evidence of malicious intent, fraud, or a violation of applicable laws.

Recognition

We recognize and appreciate the efforts of security researchers who help us improve our security. While we do not offer a formal bug bounty program, we may, at our discretion, provide recognition and/or rewards for significant vulnerability reports.

Thank you for helping us keep Proven Valor and our users safe.