Responsible disclosure policy
Last updated: October 7, 2025
What you'll do
At Florbs.io, we consider the security of our systems a top priority. We believe that strong security is a collaborative effort. We value the work of independent security researchers and encourage the responsible reporting of any potential vulnerabilities. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences on how to submit discovered vulnerabilities to us.
This policy describes which systems and types of research are covered, how to send us vulnerability reports, and how long we ask security researchers to wait before disclosing any vulnerabilities publicly.
Scope
This policy applies to all digital assets owned, operated, or maintained by Florbs.io, including:
florbs.io and its subdomains.
Any service not explicitly listed above, such as a third-party service, is not in scope.
How to report a vulnerability
If you believe you have found a security vulnerability in one of our products or platforms, we encourage you to notify us as soon as possible. We will investigate all legitimate reports and do our best to resolve the problem as soon as possible.
Please email your findings to security@florbs.io.
To help us triage and prioritize submissions, your report should, if possible, include the following:
A clear description of the vulnerability, including the affected URL or IP address.
The potential impact of the vulnerability.
Detailed steps to reproduce the issue, including any proof-of-concept scripts, screenshots, or screen captures.
Your contact information, so we can get in touch for more details if needed.
For general questions or support inquiries, please contact support@florbs.io.
Our commitment
If you choose to share your findings with us, we commit to the following:
We will promptly acknowledge receipt of your vulnerability report (within 3 business days).
We will treat your report confidentially and will not share your personal details with third parties without your permission unless required by law.
We will not take legal action against you for your research, provided you act in good faith and in accordance with this policy and applicable laws.
Ground rules
To encourage responsible reporting, we ask that you make a good-faith effort to adhere to the following rules:
Do not take any action that will harm the experience of our users.
Do not engage in any activity that could cause a denial of service (DoS or DDoS).
Do not access, modify, or exfiltrate data that does not belong to you. Stop your test as soon as you encounter any sensitive data (including personally identifiable information, financial information, or proprietary information).
Do not perform any social engineering (e.g., phishing, vishing) or physical attacks against our employees, contractors, or offices.
Do not publicly disclose any vulnerability without our prior written consent. We ask that you give us a reasonable amount of time to resolve the issue before any public disclosure.
No reward program
Florbs.io does not offer a bug bounty or reward program for vulnerability submissions. However, we value the contributions of security researchers and may, at our discretion, offer public acknowledgment for your contributions after the vulnerability has been remediated.
We appreciate your efforts in helping us keep our platform and our users safe.