Everincodeh Security Policy

We take security seriously at Everincodeh. This policy explains how vulnerabilities should be reported, how we handle disclosures, and what researchers can expect from us.

1. Reporting Security Vulnerabilities

If you discover a security vulnerability in any Everincodeh system, service, or application, we encourage responsible disclosure. Please report it directly to our security contact email.

2. What to Include in Your Report

To help us validate and resolve issues quickly, please include:

  • Clear description of the vulnerability
  • Steps to reproduce the issue
  • Affected URL or system component
  • Potential impact assessment
  • Any supporting evidence (screenshots, logs, etc.)

3. Response Timeline

We aim to acknowledge all valid vulnerability reports within 48–72 hours. After acknowledgment, we will provide updates during the investigation and remediation process.

4. Safe Harbor Policy

We support responsible security research and will not pursue legal action against individuals who:

  • Follow responsible disclosure practices
  • Avoid accessing or modifying user data
  • Do not disrupt production systems or services
  • Do not perform attacks beyond what is necessary to demonstrate the issue

5. Scope

This policy applies to all Everincodeh-owned domains, applications, APIs, and infrastructure unless explicitly stated otherwise. Third-party services integrated into our systems may fall under their own security policies.

6. Out of Scope Issues

  • Denial of Service (DoS) attacks
  • Social engineering attempts
  • Physical security issues
  • Spam or rate-limiting bypass without security impact

7. Recognition and Rewards

Everincodeh does not currently operate a bug bounty program, Hall of Fame, certificate program, or any formal recognition or reward system for vulnerability disclosures.

While we greatly appreciate responsible disclosure and the efforts of security researchers, submission of a vulnerability report does not create an expectation of compensation, public acknowledgment, or any other form of reward.

8. Program Updates

Everincodeh may update this security policy at any time. Updates will be reflected on this page to ensure transparency with security researchers and users.

9. Contact

For all security-related communications, please contact: