Resumen

Si descubres una vulnerabilidad de seguridad en nuestros sistemas:

1. Repórtala por correo electrónico a mike@lovd.app
2. Describe la vulnerabilidad en detalle con los pasos para reproducirla
3. Danos tiempo razonable para responder antes de divulgarla públicamente
4. Nosotros prometemos: Confirmación dentro de 48 horas, actualizaciones regulares y protección contra acciones legales

Fuera de alcance: Ataques DoS, spam, ingeniería social, ataques físicos y aplicaciones de terceros.

Política de Divulgación Responsable Completa (Inglés)

At lovd, we take security seriously. We appreciate the security research community and believe in responsible disclosure of security vulnerabilities.

Reporting a Vulnerability

If you believe you've discovered a security vulnerability in our systems, please follow these steps:

• Email us at mike@lovd.app with a detailed description of the vulnerability.
• Include steps to reproduce the issue
• Provide any proof-of-concept code if applicable
• Allow us reasonable time to respond and address the issue before public disclosure

Our Commitment

When working with us, you can expect:

• Acknowledgment of your report within 48 hours
• Regular updates on the progress of your report
• Recognition for your contribution (if desired)
• Protection from legal action when following our responsible disclosure policy

Scope

This policy applies to all lovd products and services, including:

• Our web applications and APIs
• Mobile applications
• Infrastructure components

Out of Scope

The following are not considered valid vulnerabilities under this policy:

• Denial of Service (DoS) attacks
• Spam or social engineering attacks
• Physical security attacks
• Third-party applications or websites