Responsible Disclosure

V-Spot takes security seriously. We welcome responsible disclosure of vulnerabilities in our systems and are committed to working with the security community to address them promptly.

Reporting a Vulnerability

If you believe you have discovered a security vulnerability in any V-Spot product or system, please report it to security@v-spot.uk. Include as much detail as possible, including steps to reproduce the vulnerability, its potential impact, and any suggested remediation.

Our Commitment

We will acknowledge receipt of your report within 48 hours, provide an initial assessment within 5 business days, and keep you informed of our progress toward remediation. We will not pursue legal action against researchers who discover and report vulnerabilities in good faith and in accordance with this policy.

Scope

This policy applies to all V-Spot products, services, and infrastructure. We ask that researchers avoid accessing, modifying, or deleting data belonging to other users, and refrain from any activity that could cause service disruption.

Recognition

We are happy to publicly acknowledge security researchers who report valid vulnerabilities, subject to their consent. As fellow security researchers, we understand and appreciate the effort that goes into responsible vulnerability discovery.