Vulnerability Disclosure Policy

We welcome and value reports from security researchers. This policy outlines our boundaries, expectations, and the safe harbor guidelines we provide to ethical hackers.

✓ Safe Harbor Protection

If you conduct security research and make a good faith effort to comply with this policy, we will consider your research authorized. We will not initiate or support any legal action or law enforcement complaints against you in connection with your research, and we will work with you to resolve any issues quickly.

Rules of Engagement

  • Do no harm: Avoid violating the privacy of others, disrupting our systems, destroying data, or degrading the user experience.
  • Use designated channels: Report discovered vulnerabilities exclusively through our security contact channels. Do not publish details publicly until a fix has been deployed.
  • No social engineering: Do not perform physical security attacks, social engineering, or phishing against Migaku users, partners, or employees.
  • Keep it ethical: Do not exploit vulnerabilities beyond the minimum necessary proof of concept to demonstrate the issue.

Scope of Assessment

Target / Asset | Status
https://www.migaku.app | In Scope
https://migaku.app | In Scope
Migaku API Endpoints (/api/*) | In Scope
Third-party integrations & widgets | Out of Scope
Denial of Service (DoS/DDoS) | Strictly Prohibited

SLA & Resolution Timeline

Initial Response: Within 48 Hours

Acknowledgment of receipt and assignment of a security engineer.

Triaging & Analysis: Within 3 Days

Verification of vulnerability and assessment of severity level.

Resolution & Fix: Within 14 Days

Developing, testing, and deploying the security patch.
