// responsible disclosure

Responsible disclosure policy

We take security seriously and welcome good-faith reports from researchers. If you believe you have found a vulnerability in NeoShield Security, please tell us before disclosing it publicly so we can fix it and protect our users.

How to report

Send details through our contact form (or the address in our security.txt). Include the affected URL or component, reproduction steps, and any proof-of-concept needed to understand the issue.

Scope

• In scope: the NeoShield Security web application and its public tools.
• Out of scope: denial-of-service, social engineering, physical attacks, automated scanner noise without a demonstrated impact, and findings affecting third-party services (Stripe, Google, Anthropic).

Guidelines for good-faith research

• Do not access, modify, or destroy data that is not yours, and do not degrade the service.
• Use only test accounts and your own data where possible.
• Give us a reasonable time to remediate before any public disclosure.

What to expect from us

• We will acknowledge your report and keep you updated on remediation progress.
• We will not pursue action against researchers who act in good faith and follow this policy.
• With your permission, we are happy to credit you once an issue is resolved.

This policy describes our intent for good-faith research; it is not a contract and may be updated as the platform evolves.

Report an issue Trust & data handling Security