Security Policy

Effective Date: May 22, 2025

At wordpractice.io, we prioritize the security and integrity of our platform. We encourage responsible disclosure of vulnerabilities to ensure the safety of our users and the robustness of our services.

How to Report a Vulnerability

If you identify a security vulnerability that affects the confidentiality, integrity, or availability of our services, please report it to us promptly. To facilitate a swift and effective response, include the following details in your report:

• Description: A clear and concise explanation of the vulnerability.
• Proof of Concept: Steps to reproduce the issue or a demonstration.
• Impact Assessment: Potential consequences of the vulnerability.
• Supporting Materials: Any relevant screenshots, logs, or other evidence.

Reporting Channels:

• Email: [email protected]
• Discord: Create a ticket in our Discord Server

Note: For non-security-related bugs or feature requests, please use our standard support channels or issue tracker.

Submission Guidelines

To ensure a responsible and effective disclosure process, please adhere to the following guidelines:

• Avoid Disruption: Do not engage in activities that could disrupt our services, such as denial-of-service attacks or automated scanning.
• Respect Privacy: Do not access, modify, or delete data that does not belong to you.
• Use Test Accounts: Conduct testing using your own accounts or test accounts provided by us.
• No Public Disclosure: Refrain from publicly disclosing the vulnerability until we have had an opportunity to address it.

Our Commitment

Upon receiving your report, we commit to:

• Acknowledgment: Respond within 72 hours to confirm receipt of your report.
• Assessment: Investigate the reported issue and assess its impact.
• Resolution: Work towards a timely resolution of the vulnerability.
• Recognition: Acknowledge your contribution in our security hall of fame, if desired.

Legal Safe Harbor

We will not pursue legal action against individuals who:

• Engage in testing that adheres to this policy.
• Report vulnerabilities promptly and without malicious intent.
• Avoid accessing or modifying data without authorization.

This policy does not grant permission to access, download, or modify data that does not belong to you.

Policy Updates

We may update this Security Policy from time to time. Changes will be posted on this page, and we encourage you to review it periodically.