Security Policy

We practice what we preach. Learn about our security practices, bug bounty program, and compliance.

Responsible Disclosure

If you discover a vulnerability, we want to hear from you. We appreciate your help in keeping our platform safe.

Infrastructure Security

All traffic encrypted with TLS 1.3. Infrastructure hosted on AWS/GCP with SOC 2 compliance.

1. Responsible Disclosure Program

Please email security@vibesecure.dev with:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact assessment

We aim to acknowledge reports within 2 hours and provide a preliminary assessment within 24 hours.

2. Bug Bounty Program

We offer rewards for qualifying vulnerabilities found in our Main Website, Dashboard, and API.

Severity   Examples           Reward
Critical   RCE, Auth bypass   $1,000 - $5,000
High       SQLi, IDOR         $500 - $1,000
Medium     XSS, CSRF          $100 - $500

3. Security Practices

Infrastructure

  • Network Security: TLS 1.3, WAF, DDoS protection.
  • Cloud Security: SOC 2 compliant providers, encrypted storage.
  • Access Control: MFA required, principle of least privilege.

Application

  • Secure Development: Automated scanning in CI/CD, mandatory code review.
  • Data Protection: Customer code processed in isolated containers and deleted within 72 hours.

4. Compliance

  • GDPR: Compliant
  • CCPA: Compliant
  • SOC 2 Type II: In Progress

5. Contact

Security Team: security@vibesecure.dev
Compliance: compliance@vibesecure.dev