Security Policy
Reporting Process
Have you discovered a security vulnerability on profpanda.com? We greatly appreciate responsible disclosures. Please send your finding to security@profpanda.com.
Please include in your report: a clear description of the vulnerability, the steps to reproduce it, and an assessment of the potential impact.
In Scope
The following are within the scope of this policy:
- profpanda.com and all subdomains
- Cross-site scripting (XSS)
- SQL injection
- Authentication and authorisation flaws
- Sensitive data exposure
Out of Scope
The following are outside the scope of this policy:
- Social engineering and phishing
- Physical attacks
- Denial of service (DoS/DDoS)
- Third-party services not under our control
- Theoretical vulnerabilities without a working proof of concept
Our Commitment
We will acknowledge receipt of your report within 3 business days. After triage we will inform you of the expected fix timeline. We will not pursue legal action against researchers who act in good faith and respect this policy. On request, we will credit you in our acknowledgments.
Responsible Disclosure
We ask that you do not publish or share details of the vulnerability until the fix has been deployed. We are happy to coordinate the timing of any public disclosure with you.