
Responsible disclosure policy

Last updated: July 4, 2026

We take security seriously at Golden Analytics. If you've found a vulnerability in our product, we want to hear from you — and we're committed to working with you to resolve it quickly.

How to report

Send your findings to our security team. Please include a description of the issue, steps to reproduce it, and the potential impact. We'll acknowledge receipt within 72 hours.

Security contact: security@goldenanalytics.com

What we ask of you

  • Give us reasonable time to respond before disclosing publicly (we request at least 90 days)
  • Avoid accessing, modifying, or deleting data that isn't yours
  • Don't perform denial-of-service attacks or disrupt production systems
  • Don't use social engineering, phishing, or physical access attacks
  • Only test against accounts and data you own or have explicit permission to test

Scope

In scope

  • app.goldenanalytics.com
  • api.goldenanalytics.com
  • Authentication flows
  • Data access controls
  • API endpoints

Out of scope

  • Third-party infrastructure (Supabase, AWS, Vercel)
  • Denial-of-service attacks
  • Social engineering
  • Spam or phishing
  • goldenanalytics.com (marketing site)

Our commitments

  • 72h: Initial acknowledgment
  • 7d: Severity assessment and triage
  • 90d: Target remediation for critical findings

Safe harbor

We consider security research conducted under this policy to be authorized. We will not pursue civil or criminal action against researchers who act in good faith, follow these guidelines, and make a genuine effort to avoid privacy violations, data destruction, and service disruption.

If legal action is initiated by a third party against a researcher who complied with this policy, we will make clear to the relevant parties that the research was conducted in accordance with our policy.

This policy does not apply to findings in third-party systems or infrastructure we do not operate.