We take security seriously at Golden Analytics. If you've found a vulnerability in our product, we want to hear from you — and we're committed to working with you to resolve it quickly.
How to report
Send your findings to our security team. Please include a description of the issue, steps to reproduce it, and the potential impact. We'll acknowledge receipt within 72 hours.
What we ask of you
- Give us reasonable time to respond before disclosing publicly (we request at least 90 days)
- Avoid accessing, modifying, or deleting data that isn't yours
- Don't perform denial-of-service attacks or disrupt production systems
- Don't use social engineering, phishing, or physical access attacks
- Only test against accounts and data you own or have explicit permission to test
Scope
Our commitments
Safe harbor
We consider security research conducted under this policy to be authorized. We will not pursue civil or criminal action against researchers who act in good faith, follow these guidelines, and make a genuine effort to avoid privacy violations, data destruction, and service disruption.
If legal action is initiated by a third party against a researcher who complied with this policy, we will make clear to the relevant parties that the research was conducted in accordance with our policy.
This policy does not apply to findings in third-party systems or infrastructure we do not operate.