Security Policy - Product Launch List

Overview

Product Launch List is committed to ensuring the security of our users and their data. This policy outlines our security practices and provides guidelines for security researchers who wish to report vulnerabilities.

Scope

This policy applies to all Product Launch List services and infrastructure, including:

productlaunchlist.com and all subdomains
Product Launch List web applications
API endpoints and services
User data and infrastructure

Vulnerability Disclosure Guidelines

We appreciate the efforts of security researchers in improving our security. If you discover a vulnerability:

Email us at [email protected]
Provide detailed information about the vulnerability
Include steps to reproduce the issue
Allow up to 48 hours for initial response

Out of Scope

Denial of Service (DoS) attacks
Spam or social engineering attacks
Physical security attacks
Third-party applications or websites

Safe Harbor

We will not pursue legal action against security researchers who:

Follow our vulnerability disclosure guidelines
Make good faith efforts to avoid privacy violations
Avoid destructive testing
Do not exploit vulnerabilities beyond necessary proof of concept

Security Measures

All data is encrypted in transit using TLS 1.3
Regular security audits and penetration testing
Secure data storage with encryption at rest
Regular security training for all employees
Multi-factor authentication for all internal systems

Contact

For security-related issues, please contact:
Email: [email protected]
PGP Key: Available at https://productlaunchlist.com/pgp-key.txt

Updates

This security policy was last updated on January 15, 2024. We reserve the right to update this policy as needed to maintain security and comply with industry standards.