Security Policy

Overview

At Seeking Light, we take security seriously and value the input of security researchers and the broader community in helping us maintain high security standards.

Scope

This policy applies to the following domains and systems:

• seekinglight.app (main website)
• *.seekinglight.app (all subdomains)
• Associated API endpoints and web services

Reporting a Vulnerability

If you discover a security vulnerability, please:

1. Email your findings to contact@seekinglight.app
2. Provide detailed information about the vulnerability
3. Include steps to reproduce the issue
4. Wait for acknowledgment before public disclosure

What to Include in Your Report

• Description of the potential impact
• A detailed description of the vulnerability
• Step-by-step instructions to reproduce the issue
• Proof of concept if available
• Any relevant screenshots or supporting materials

Response Process

1. Acknowledgment of receipt within 48 hours
2. Initial assessment and verification within 5 business days
3. Regular updates on the progress of the fix
4. Notification when the vulnerability is fixed

Out of Scope

• Denial of Service (DoS) attacks
• Spam or social engineering attacks
• Physical security attacks
• Third-party applications/websites

Recognition

We value the security research community and will:

• Acknowledge your contribution if requested
• Keep you informed throughout the process
• Work with you on the disclosure timeline

Legal Notes

We will not take legal action against researchers who:

• Make a good faith effort to follow this policy
• Do not compromise user privacy
• Do not disrupt our services
• Do not destroy data

Contact

For security-related inquiries, please contact:

Email: contact@seekinglight.app