Security Policy
Last updated: May 5, 2025
At myrobotdoll.com, we take the security and privacy of our customers seriously. If you have discovered a vulnerability in our website, services, or infrastructure, we appreciate your help in responsibly disclosing it to us.
How to Report a Vulnerability
Please send an email to: [email protected]
Include as much detail as possible, such as:
- Steps to reproduce the issue
- Relevant URLs or endpoints
- Any logs, screenshots, or proof-of-concept code
Responsible Disclosure Guidelines
We ask that you:
- Do not exploit the issue beyond what is necessary to demonstrate the vulnerability
- Do not test against user data or attempt to access private information
- Allow us a reasonable time to investigate and fix the issue
- Do not publicly disclose the vulnerability until it is resolved
In return, we will:
- Acknowledge your report within 15 business days
- Keep you updated on our progress
- Not pursue legal action against you for good-faith research
Acknowledgments
If you report a valid issue, you may be listed on our Hall of Fame. Let us know if you’d like to remain anonymous.
Exclusions
The following are not considered valid security issues under this policy:
- Missing security headers (e.g., X-Frame-Options, CSP)
- Clickjacking on non-sensitive pages
- Reports from automated scanners without clear impact
- Use of outdated libraries with no proven exploitability
Safe Harbor
We support responsible security research. If you act in good faith under this policy, we will consider your activities authorized and will not take legal action.