Vulnerability Disclosure Policy
Last Updated: August 2025
We care about the security of our website, our customers, and their data. If you believe you have found a security vulnerability in our systems, we want to hear from you.
Please email security issues to: hello@malachyte.com. Include as much detail as possible including screenshots, URLs, parameters, request-response dumps, etc.
WHAT WE EXPECT OF YOU:
Act in good faith to avoid privacy violations, destruction of data, or interruption of our services;
Do not access, modify, or delete data that is not your own;
Do not publicly disclose the issue before we have had a reasonable time to investigate and fix it;
Keep your testing within scope.
OUT OF SCOPE
The following are not considered security vulnerabilities and are out of scope for this policy:
Spam or social engineering;
Denial-of-Service (DoS) attacks;
Vulnerabilities in third-party services not controlled by us.
OUR COMMITMENT
As long as you stay within scope and adhere to the terms of this policy, we will not take legal action against individuals who discover and report security issues to us in good faith. We will work with you to understand and resolve the issue quickly and will keep you informed of our progress.
RECOGNITION
We appreciate your help in keeping our systems safe. While we do not offer a paid bug bounty at this time, we are happy to send you a $100 gift-card.