Report Security Issues

Fundamentals

If you follow the principles below when reporting a security issue to fashodre.com, Fashodre LLC will not initiate legal action or enforcement investigations against you in response to your report.

We ask that you:

1. Give us reasonable time to review and fix the issue before disclosing it publicly or sharing it with others.
2. Do not interact with or access private accounts without the account owner's explicit consent.
3. Make a good-faith effort to avoid privacy violations, service disruptions, or data destruction.
4. Do not exploit the vulnerability for any reason, including to demonstrate further risks or access sensitive data.
5. Comply with all applicable local, state, and federal laws and regulations.

Bounty Program

Fashodre LLC recognizes and rewards security researchers who help protect our platform by responsibly reporting vulnerabilities. Bounties are awarded at Fashodre LLC's sole discretion, based on risk level, impact, and report quality.

To potentially qualify for a bounty, you must:

1. Follow all fundamentals listed above.
2. Report a valid security vulnerability that poses a genuine risk to user privacy or platform security.
3. Submit your report directly to contact@fashodre.com — please do not contact employees directly.
4. Disclose any accidental privacy violations or service disruptions that occurred during your research.
5. Understand that while we investigate all valid reports, response priority is based on risk severity and may take some time.
6. Agree that Fashodre LLC reserves the right to publish submitted reports at our discretion.

Rewards

Rewards are based on the impact and severity of the reported vulnerability. Please provide detailed and reproducible steps in your report — issues that cannot be reproduced are not eligible for a bounty.

• The first valid report of a given issue receives the bounty.
• Multiple bugs caused by a single underlying issue are treated as one report.
• We assess rewards based on impact, exploitability, and overall report quality.

Non-Reportable Issues

The following are generally out of scope and not eligible for a bounty:

• Denial of Service (DoS/DDoS) attacks or testing
• Spam or social engineering attacks
• Physical security issues
• Vulnerabilities in third-party services or plugins not directly controlled by Fashodre LLC
• Reports generated solely by automated scanning tools without manual validation
• Issues already known to our team or previously reported

How to Submit a Report

To report a security vulnerability, please send an email to contact@fashodre.com with the subject line: "Security Vulnerability Report – fashodre.com".

Your report should include:

• A clear description of the vulnerability
• Step-by-step instructions to reproduce the issue
• The potential impact of the vulnerability
• Any screenshots, videos, or proof-of-concept code (if applicable)

We will acknowledge your report within 3 business days and keep you informed of our progress throughout the resolution process.