Responsible disclosure_
If you find a security vulnerability in Boty, tell us privately and we will help get it resolved. We appreciate responsible disclosure.
Security contact: security@boty.agency
Contact
Report any security finding privately to security@boty.agency. This address is also listed in our security.txt file (RFC 9116), published at https://boty.agency/.well-known/security.txt.
Scope
This policy covers the domains and applications of Boty Agency: boty.agency and its product subdomains.
What to do
Give us enough detail to reproduce the issue. Allow us a reasonable period to fix it before disclosing it publicly.
What not to do
Do not access data that is not yours, do not degrade the service (no denial-of-service attacks), do not use social engineering against our team or our customers, and do not test against real third-party data.
Safe harbor
Good-faith research that respects this policy will not be subject to legal action on our part.
Response
We confirm receipt of your report and keep you informed of the status of the fix.
Recognition
With your permission, we include you in our hall of fame. Verified critical security bugs may receive a reward, assessed case by case.