Responsible Disclosure Policy

Last Updated: [december 15, 2025]

CGD Vibes takes security seriously. We appreciate responsible disclosure of legitimate security vulnerabilities. However, we maintain strict guidelines regarding how security issues may be reported and reviewed.

Scope & Ownership

CGD Vibes is built on a third-party platform, and some components are vendor-managed. We do not own or control the underlying backend infrastructure, authentication engines, or core platform services. Findings related to third-party systems, platform design decisions, or vendor-managed infrastructure are considered out of scope.

Authorized Testing Only

CGD Vibes does not authorize unsolicited penetration testing, vulnerability scanning, or security assessments of any kind. Any testing performed without prior written authorization is strictly prohibited.

No Bug Bounty Program

CGD Vibes does not operate a public or private bug bounty program. Submission of security findings does not imply eligibility for compensation, rewards, or continued engagement.

Reporting Guidelines

If you believe you have identified a legitimate security vulnerability within CGD Vibes’ direct scope, you may report it by email to: [email protected]

Reports must include:

• A clear description of the issue
• Steps to reproduce (if applicable)
• Evidence limited to what is strictly necessary

Review & Response

All submissions are reviewed at our discretion. Due to platform constraints and third-party dependencies:

• We may not provide status updates
• We may not confirm remediation
• We may not engage in follow-up discussions

If further action is required, CGD Vibes will initiate contact.

Legal Notice

Any attempt to exploit vulnerabilities, access unauthorized data, disrupt services, or bypass safeguards may result in legal action. By submitting a report, you acknowledge and agree to these terms.