VULNERABILITY DISCLOSURE POLICY (VDP)
=====================================

Eliohz.com welcomes reports of security vulnerabilities from public sources, including researchers, bug bounty hunters, and IT professionals. We are especially interested in vulnerabilities that could impact the confidentiality, integrity, or availability of user data or our services.

We deeply value the efforts of the security community and appreciate your contributions to making our systems more secure.

-------------------------
SCOPE
-------------------------

- Any public-facing surfaces under eliohz.com
- Any of our provided or maintained services

-------------------------
LEGAL
-------------------------

Eliohz.com will not take legal action against security research that complies with this policy and is intended to improve the security of our systems.

If a third party initiates legal proceedings against you in connection with such research, we will take reasonable steps to prevent further legal escalation, provided your activities were in good faith and caused no harm.

-------------------------
HOW TO REPORT
-------------------------

Please report vulnerabilities by emailing vdp@eliohz.com.

Include the following in your report:

- A clear description of the vulnerability or bug
- A proof of concept (PoC) or reproducible steps
- Any sensitive details may be obfuscated or submitted via an encrypted/private channel if needed
- Reports must be written in **English** or **German**

Please DO NOT submit:

- Reports generated solely by automated tools
- Known or already public vulnerabilities without novel context

-------------------------
WHAT ELIOHZ.COM WILL DO
-------------------------

- Acknowledge your report within **14 calendar days**
- Work with you in good faith to validate the issue
- Provide an expected timeline for resolution (typically within 180 days)

-------------------------
RESTRICTIONS
-------------------------

The following actions are NOT permitted:

- Compromising user or system confidentiality, integrity, or availability
- Any form of social engineering against users, contributors, or maintainers
- Use of automated scanning or submission tools without prior consent

Violation of these guidelines may result in legal action under applicable Swiss law.

-------------------------
THANK YOU
-------------------------

We greatly appreciate your help in making eliohz.com safer for everyone.