Responsible Disclosure Policy
We take security seriously. If you've found a vulnerability, we want to hear from you — and we promise to respond quickly and credit your work.
Our Commitment to You
48-hour response
We acknowledge every valid security report within 48 hours of receipt.
30-day fix target
We aim to fix verified vulnerabilities within 30 days of confirmation.
Public credit
With your permission, we credit you in our changelog and Hall of Fame.
How to Report
Use our secure report form
The fastest way — your report goes directly to our admin team and is never publicly visible.
Or email us directly
For complex reports or if you prefer email, reach us at:
security@diyoffgridadvisor.com
What to Include in Your Report
Description
A clear description of the vulnerability and its potential impact
Steps to reproduce
Detailed steps so we can verify and reproduce the issue
Evidence
Screenshots, videos, or proof-of-concept code (if applicable)
Your contact
How we can reach you for follow-up questions
Safe Harbour
We will not pursue legal action against researchers who discover and report security vulnerabilities in good faith, provided they:
- Do not access, modify, or delete user data beyond what is necessary to demonstrate the vulnerability
- Do not perform denial-of-service attacks or disrupt platform availability
- Do not publicly disclose the vulnerability before we have had a reasonable opportunity to fix it
- Report the vulnerability to us promptly and in good faith
Out of Scope
Security Hall of Fame
Researchers who have helped make our platform safer are recognised here.