Security Policy

We take the security of DotDot and the safety of our users seriously.

Reporting a vulnerability

If you believe you've found a security vulnerability in DotDot, we encourage you to report it responsibly. Please send your findings to:

[email protected]

Please include "Security Report" in the subject line.

You can also find this information in our security.txt file, following the RFC 9116 standard.

What to include

To help us understand and address the issue quickly, please include:

A description of the vulnerability and its potential impact
Steps to reproduce the issue
The URL or component where the issue was found
Any relevant screenshots or logs

Our commitment

Acknowledgment: We will acknowledge receipt of your report within 48 hours.

Communication: We will keep you informed of progress toward fixing the vulnerability.

Credit: We are happy to credit security researchers who report issues responsibly, if desired.

No legal action: We will not take legal action against researchers who report vulnerabilities in good faith and follow responsible disclosure practices.

Responsible disclosure

We ask that you:

Give us reasonable time to investigate and fix the issue before public disclosure
Avoid accessing or modifying other users' data
Act in good faith to avoid disruption to our service and users
Do not use automated scanning tools that generate significant traffic

Scope

This policy applies to the following:

dotdot.sivoov.app (web application)
DotDot API endpoints
Authentication and authorization mechanisms
User data privacy and protection

For general questions or non-security concerns, please visit our contact page or email us at [email protected].