Our Commitment

Security is a continuous process. We apply technical and organizational safeguards proportionate to risk to protect availability, integrity, and confidentiality. We also collaborate with the security community to continuously improve our posture.

Vulnerability Disclosure Program

We welcome good-faith vulnerability reports. We acknowledge receipt, assess impact, and work on remediation according to severity, exploitability, and business risk.

Reporting Guidelines

• Provide a clear vulnerability description, impact estimate, prerequisites, and reproducible steps.
• Limit testing to the minimum required for proof of concept and avoid service disruption.
• Do not access, alter, or exfiltrate data that you do not own.
• Do not perform social engineering, phishing, spam, aggressive brute force, or testing on out-of-scope third parties.
• Allow reasonable time for triage and remediation before public disclosure.

How to Report

Send your report including technical context, evidence, and a contact channel for follow-up:

security@goodwine.click

For sensitive information, please use our PGP Key.

Scope

This policy applies to goodwine.click and subdomains directly operated by us. Third-party services and infrastructure outside our direct control are out of scope.

Priorities

We prioritize issues affecting personal data, authentication/authorization, code execution, secret exposure, supply chain risk, and core service availability.