Vulnerability Disclosure Policy

Last updated: May 13, 2025

Purpose

Flashquotes is committed to providing a secure platform for our users, including mobile event caterers who rely on our software for their daily operations. We recognize the importance of identifying and addressing security vulnerabilities promptly. By establishing this Vulnerability Disclosure Policy, we aim to encourage responsible disclosure of security issues and to work collaboratively with the security research community to enhance the security of our platform.

Scope

This policy covers vulnerabilities in the Flashquotes platform, including our web application, APIs, and related services. Specifically, the following are in scope:

The following are out of scope:

Safe Harbor

We appreciate the efforts of security researchers who responsibly disclose vulnerabilities. We will not initiate legal action against researchers who:

Thank you for helping us keep Flashquotes secure.

Responsible Disclosure Guidelines

If you discover a potential security issue in our platform, we ask that you:

  1. Report it privately by emailing us at security@flashquotes.com.
  2. Provide detailed steps to reproduce the issue, including URLs, payloads, screenshots, or logs if applicable.
  3. Allow us a reasonable time to investigate and remediate before any public disclosure.
  4. Avoid accessing, modifying, or deleting any user data that is not your own.

We commit to:

Recognition

We currently do not operate a formal bug bounty program. However, for verified, high-impact vulnerabilities, we may offer a modest discretionary reward or public recognition as a token of appreciation.

Unauthorized Testing

The following types of testing are not authorized under this policy:

Contact Information

For any questions about this policy or to report a vulnerability, please contact us at security@flashquotes.com.