Security Disclosure Policy

1. Reporting a security issue

Email contact@duoreels.com with a clear description of the issue. Please give us a reasonable opportunity to investigate and remediate before any public disclosure.

2. What to include

• A description of the vulnerability and its potential impact.
• Steps to reproduce, including affected URLs or endpoints.
• Any proof-of-concept that does not access or modify other users’ data.
• Your contact information for follow-up.

3. Safe-harbor intent

If you make a good-faith effort to comply with this policy, conduct genuine security research, and avoid privacy violations and service disruption, we will not pursue action against you for that research. This is not a waiver of any third party’s rights or of legal obligations.

4. Prohibited testing

• Accessing, downloading, modifying, or deleting data that is not yours (no data exfiltration).
• Destructive testing or anything that degrades the Service for others.
• Spam, phishing, or social-engineering of our users or staff.
• Physical attacks against facilities or personnel.
• Denial-of-service (DoS/DDoS) or volumetric/load testing.
• Automated scanning that generates excessive traffic.

5. Response expectations

We will acknowledge legitimate reports and work to validate and address confirmed issues based on severity. We cannot commit to specific timelines.

6. No bug bounty

We do not currently operate a paid bug-bounty program and do not promise rewards for reports. We appreciate responsible disclosure.

7. Responsible disclosure

Please keep details of unresolved vulnerabilities confidential until we have had a reasonable opportunity to remediate.

8. Contact

Security reports: contact@duoreels.com.