Policy · v1.0

Vulnerability Disclosure Policy

DRIVUNO welcomes coordinated security research. This policy describes how to report a vulnerability, what is in scope, and what you can expect from us.

How to report

Email security@drivuno.com.

We accept PGP-encrypted reports. Our key fingerprint and full key are published at /.well-known/security.txt.

Please include: a clear description, reproduction steps, impact assessment, and any relevant logs. Do not include third-party PII. Do not include exploit payloads against live user data.

In scope

Out of scope

Safe harbor

Good-faith security research that follows this policy will not result in legal action from DRIVUNO. We ask that you: (a) avoid privacy violations, data destruction, and service degradation; (b) only interact with accounts you own or have explicit permission to test; (c) do not exfiltrate user data beyond the minimum needed to demonstrate impact; (d) keep the report confidential until we have remediated.

Response timeline

Coordinated disclosure

We commit to crediting researchers in the security changelog unless they prefer anonymity, and to publishing a clear advisory describing the issue, affected versions, and remediation.

Encrypted on your device · upload in 1 click
Upload