Toothmonk's Responsible Disclosure Policy
At Toothmonk, we prioritize the security of our platform, customers, and partners. We are committed to protecting our users’ data and ensuring a safe and secure online experience. If you have discovered a potential security vulnerability in our systems, we appreciate your help in reporting it responsibly.
Scope
This policy applies to security vulnerabilities related to:
- Toothmonk Website & Web Applications (www.toothmonk.com)
- Toothmonk Mobile Applications (if applicable)
- Toothmonk APIs & Infrastructure
Reporting a Vulnerability
If you identify a potential security vulnerability, please report it to us by sending an email to hello@toothmonk.com with the following details:
- A clear description of the vulnerability, including its impact.
- Steps to reproduce the issue.
- Any supporting materials (screenshots, code snippets, logs) that help us understand the vulnerability.
- Your contact details so we can follow up if needed.
Responsible Disclosure Guidelines
To ensure ethical and responsible reporting, we request that you:
- Report vulnerabilities promptly and provide detailed information.
- Give us a reasonable amount of time to investigate and fix the issue before making it public.
- Avoid exploiting the vulnerability for malicious purposes.
- Do not access, modify, or delete any data beyond what is necessary to demonstrate the vulnerability.
- Do not disrupt services or impact other users while testing for vulnerabilities.
What You Can Expect From Us
- We will acknowledge your report within 48 hours and begin investigating the issue.
- We will provide updates on the resolution process.
- If the issue is valid and significant, we may offer public recognition or other rewards as a token of appreciation.
- We will work to resolve the issue as quickly as possible.
Exclusions
The following are outside the scope of this policy:
- Spam, phishing, or social engineering attacks on Toothmonk employees, users, or partners.
- Denial-of-Service (DoS) attacks or any activity that disrupts our services.
- Use of automated scanners that generate excessive traffic.
- Physical security issues related to Toothmonk offices or staff.
- Reports of outdated software unless they present a direct security risk.
Legal Safe Harbor
Toothmonk will not take legal action against security researchers who follow this policy in good faith. However, failure to comply with the responsible disclosure guidelines may result in legal consequences.
We appreciate the security community’s efforts in helping us maintain a safe and secure platform. Thank you for your support in keeping Toothmonk secure!
📧 Report Security Issues: hello@toothmonk.com