Security Policy
Last Updated: April 29, 2025
At Buying Buddy, we are committed to ensuring the security of our systems and protecting the data of our users.
This security policy outlines our approach to vulnerability reporting and our commitment to addressing security concerns.
Reporting Security Vulnerabilities
We appreciate the efforts of security researchers and the public in helping us maintain the security of our systems.
If you discover a security vulnerability, we encourage you to report it to us as quickly as possible.
Our Commitment
Upon receiving a security report, we are committed to:
- Acknowledging receipt of your vulnerability report within 48 hours
- Providing an initial assessment of the report within 5 business days
- Prioritizing the remediation of valid vulnerabilities based on severity
- Keeping you informed about the progress of resolving the issue
- Publicly acknowledging your contribution (if desired) after the vulnerability has been fixed
Scope
The following systems and services are in scope for vulnerability reporting:
- *.yourcompany.com domains and subdomains
- Our official mobile applications
- Our APIs and web services
The following are out of scope:
- Social engineering attacks against our employees
- Denial of Service (DoS) attacks
- Physical security vulnerabilities
- Third-party services we use but do not control
Responsible Disclosure Guidelines
We request that you:
- Provide sufficient information to reproduce the vulnerability
- Make a good-faith effort to avoid privacy violations, data destruction, or interruption of services
- Do not access or modify data that does not belong to you
- Allow reasonable time for us to address the issue before publishing any information about it
Legal Safe Harbor
We will not pursue legal action against individuals who:
- Make a good-faith effort to comply with this policy
- Report a vulnerability directly to us
- Refrain from exploiting the vulnerability beyond what is necessary to verify it exists
We reserve the right to seek legal action for activities that violate laws or go beyond the scope of this policy.
Security Acknowledgments
We would like to thank the following individuals for their contributions to our security:
To be included in this list, please indicate in your report whether you wish to be acknowledged publicly.
Security Measures
We employ the following security measures to protect our systems and your data:
- Regular security assessments and penetration testing
- Encryption of sensitive data both in transit and at rest
- Multi-factor authentication for administrative access
- Regular security training for all employees
- Continuous monitoring for suspicious activities
Updates to This Policy
This security policy may be updated from time to time. We will notify users of any significant changes by posting the new policy on this page.