Vulnerability Disclosure Policy
Alchemy Infusion Co is committed to ensuring the security and integrity of our systems and data. We welcome and encourage responsible disclosure of security vulnerabilities.
How to Report a Vulnerability
If you believe you have discovered a vulnerability, please report it promptly:
- Email: security@alchemyinfusionco.com.au
- Use our PGP key for sensitive reports: Download Public Key
Please include:
- Description of the vulnerability
- Steps to reproduce
- Affected URLs, systems, or services
- Proof-of-concept (screenshots, scripts, etc.)
Scope
This policy applies to:
- alchemyinfusionco.com.au
- All subdomains owned and operated by Alchemy Infusion Co
Out of Scope
- Denial of Service (DoS/DDoS)
- Social engineering or phishing attacks
- Physical attacks
- Spam-related issues
- Third-party systems not under our control
Rules of Engagement
- Do not exploit vulnerabilities beyond what is necessary to demonstrate impact
- Do not access, modify, or delete user data
- Do not disrupt services
- Respect privacy and confidentiality
Our Commitment
- Acknowledge reports within 3 business days
- Provide updates on remediation progress
- Work to resolve vulnerabilities in a timely manner
Safe Harbor
If you act in good faith and follow this policy, we will not pursue legal action against you.
Recognition
We may acknowledge valid reports publicly unless anonymity is requested.