Security & Responsible Disclosure
Last Updated: March 30, 2026
At Vybex, we take the security of our platform and users seriously. We appreciate the efforts of security researchers and the community in helping us identify and address vulnerabilities responsibly.
01Reporting
If you discover any security vulnerability, please report it to us at:
๐ง vybex.signal@gmail.com
What to include in your report:
- Description of the vulnerability
- Steps to reproduce
- Screenshots or proof-of-concept (PoC)
- Impact of the issue
We aim to respond within 48โ72 hours and resolve issues as quickly as possible.
02Scope
This policy applies to:
- Vybex website and web applications
- APIs and backend services
- Authentication and user account systems
03Rules
To ensure responsible disclosure, we ask that you:
- Do not access, modify, or delete user data
- Do not exploit vulnerabilities beyond proof-of-concept
- Do not perform DDoS or brute-force attacks
- Do not disrupt services or harm users
- Respect user privacy at all times
04Commitment
If you follow these guidelines:
- We will acknowledge your report
- We will investigate and fix valid issues promptly
- We will not take legal action for good faith research
05Bounty
We currently do not offer a paid bug bounty program.
However, we truly appreciate responsible disclosures and may acknowledge valid contributions.
06Safe Harbor
Legal Protection
We will not take legal action against researchers who follow this policy in good faith. We consider activities conducted under this policy as authorized, provided they comply with the guidelines mentioned above.
Thank you for helping us keep Vybex secure๐