Responsible Disclosure and Security Policy
Effective Date: Jun 12, 2025
At BUCOREL, we take security seriously. We are committed to protecting our users, data, and systems. If you discover a security vulnerability, we appreciate your help in disclosing it responsibly. This policy outlines how to report issues and what you can expect from us.
1. Scope
This policy applies to:
- BUCOREL’s core web platform and APIs
- Our public PWA and services under *.bucorel.com
- Data processing and authentication mechanisms
- Infrastructure configuration errors that affect availability or integrity
2. Safe Harbor
We will not initiate legal action against individuals who:
- Report vulnerabilities in good faith
- Avoid data destruction, service disruption, or privacy violations
- Follow the guidelines outlined in this policy
We understand security research is vital and we want to foster a positive, respectful relationship with the community.
3. How to Report a Vulnerability
Send all security reports to:
Email: [email protected]
Please include the following details:
- Clear description of the issue and its potential impact
- Steps to reproduce (proof of concept preferred)
- Your contact information for follow-up (optional)
4. Do Not
- Attempt to access, modify, or delete data that isn’t yours
- Perform Denial of Service (DoS) or spam attacks
- Exploit the issue beyond what is necessary for proof
- Use automated scanners or brute-force tools on live services
5. What You Can Expect
- We will acknowledge receipt of your report within 3 working days
- We will investigate and prioritize genuine issues
- We may provide recognition (public or private) if permitted
- We may offer a token of appreciation at our discretion
6. Non-Qualifying Issues
Some reports may be outside this policy’s scope, including:
- Outdated browser or operating system vulnerabilities
- Self-XSS (users attacking themselves)
- Missing security headers with negligible impact
- Open ports or non-exploitable configuration details
7. Public Disclosure
We ask that you do not publicly share any information about a vulnerability until we have resolved it. If you plan to publish your findings, coordinate timing with us in advance.
8. Commitment to Improvement
We aim to maintain a transparent, respectful process for security communication. Your reports help make BUCOREL safer for everyone. We appreciate your contributions to the community.
9. Contact and Updates
This policy may be updated as we expand or improve our systems. For urgent issues, please use the above email or secure channels provided by our team.
Thank you for helping secure BUCOREL.