Security Policy
Vulnerability Disclosure Program
Our Commitment
At Youware, we take the security of our systems and user data seriously. We welcome and appreciate responsible disclosure of security vulnerabilities from the security research community.
Scope
The following assets are in scope for vulnerability reporting:
- www.youware.com and all subdomains
- Youware web application and APIs
How to Report
Please send your findings to security@youware.com with the following information:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any supporting evidence (screenshots, logs, proof of concept)
What to Expect
- Acknowledgment of your report within 3 business days
- An initial assessment within 10 business days
- Regular updates on the progress of remediation
- Notification when the vulnerability has been resolved
Safe Harbor
We will not take legal action against security researchers who discover and report vulnerabilities in good faith, provided they:
- Do not access, modify, or delete user data
- Do not perform actions that could degrade service availability (e.g., DoS)
- Do not publicly disclose the vulnerability before we have resolved it
- Make a good faith effort to avoid privacy violations
Out of Scope
- Social engineering attacks against employees
- Physical security attacks
- Denial of service attacks
- Spam or phishing
- Third-party applications or services