Security Policy

Reporting Security Vulnerabilities

We encourage security researchers and users to report potential security vulnerabilities in a responsible manner. Please follow these guidelines when reporting security issues:

What to Include

When reporting a vulnerability, please provide as much detail as possible:

• Description of the vulnerability and its potential impact
• Steps to reproduce the issue
• Affected URLs, pages, or functionality
• Browser/device information if relevant
• Screenshots or proof-of-concept (if safe to include)
• Any suggested remediation steps

Responsible Disclosure

We believe in responsible disclosure and ask that you:

• Give us reasonable time to investigate and address the issue before any public disclosure
• Avoid accessing, modifying, or deleting data that doesn't belong to you
• Do not perform testing that could harm our users or degrade our service
• Respect user privacy and data protection laws

Our Commitment

When you report a security vulnerability to us, we commit to:

• Respond to your report within 48 hours
• Keep you informed of our progress in addressing the issue
• Credit you for the discovery (if desired) once the issue is resolved
• Work with you to understand and resolve the issue quickly

Security Measures

Divers Buddy implements various security measures to protect our platform and users:

• Regular security audits and vulnerability assessments
• Secure coding practices and code reviews
• HTTPS encryption for all communications
• Regular dependency updates and security patches
• Data privacy and protection measures

Out of Scope

The following issues are generally considered out of scope:

• Issues affecting outdated browsers or operating systems
• Social engineering attacks
• Physical security issues
• Denial of Service (DoS) attacks
• Issues requiring physical access to a user's device
• Reports about third-party services we integrate with