Security Policy

Reporting Security Vulnerabilities

At Notisefy, we take the security of our platform seriously. We appreciate the efforts of security researchers and users who help us maintain a secure environment for all our customers.

If you discover a security vulnerability, please report it to us at [email protected]

What to Include

When reporting a vulnerability, please include:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact and severity assessment
  • Any proof-of-concept code or screenshots
  • Suggested remediation if available
  • Your contact information for follow-up

Our Commitment

  • We will acknowledge your report within 48 hours
  • We will provide regular updates on our progress
  • We will credit you for your discovery (if desired)
  • We will not take legal action against researchers who follow responsible disclosure

Researchers who report valid vulnerabilities will be recognized on our Security Acknowledgments page (with your consent).

In Scope

  • Cross-Site Scripting (XSS)
  • SQL Injection
  • Authentication and authorization flaws
  • Remote code execution
  • Server-side request forgery (SSRF)
  • Sensitive data exposure
  • Security misconfigurations

Out of Scope

  • Social engineering attacks against Notisefy staff or users
  • Physical attacks against our infrastructure
  • Denial of Service (DoS/DDoS) attacks
  • Spam or abuse of our service
  • Issues in third-party services we use
  • Vulnerabilities requiring unlikely user interaction
  • Reports from automated scanners without validation

Responsible Disclosure Guidelines

We ask that you:

  • Do not access or modify user data without explicit permission
  • Do not perform actions that could harm the availability of our service
  • Do not publicly disclose the vulnerability until we have had time to address it
  • Do not exploit the vulnerability for personal gain
  • Make a good faith effort to avoid privacy violations and data destruction

Contact Information

Email: [email protected]

Encrypted Communication (PGP)

For sensitive security reports, we strongly recommend encrypting your message using our PGP public key.

Key ID:

A6089F2C6A467110

Fingerprint:

48A1 B20D AF41 0C0F 351C 8ECB A608 9F2C 6A46 7110

How to verify our PGP key:

gpg --import pgp-key.txt
gpg --fingerprint [email protected]

Last updated: 1/6/2026