Security Policy for relentlessCurious

Developer: relentlessCurious by Ian McKenzie

Scope: relentlesscurious.com and related products

Last Updated: July 23, 2025

1. Introduction

At relentlessCurious, we take security seriously. This policy outlines our commitment to maintaining a secure environment for our users and provides guidelines for responsible disclosure of security vulnerabilities.

2. Reporting Security Vulnerabilities

If you discover a security vulnerability in our systems, please report it responsibly by contacting our developer, Ian, at:

Email: [email protected]

Please include the following information in your report:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Suggested remediation (if applicable)
  • Your contact information for follow-up

3. Response Timeline

We are committed to responding to security reports promptly:

  • Initial Response: Within 48 hours of receiving your report
  • Investigation: Within 7 days for initial assessment
  • Resolution: Timeline varies based on severity
  • Disclosure: After the fix is deployed and verified

4. Scope

In Scope

  • relentlessCurious.com and all subdomains
  • Web applications and APIs
  • Smart contracts (when deployed)
  • Infrastructure vulnerabilities
  • Social engineering vulnerabilities

Out of Scope

  • Third-party services we don't control
  • Social media accounts
  • Physical security issues
  • Denial of Service (DoS) attacks
  • Spam or social engineering attacks

5. Responsible Disclosure Guidelines

We ask that security researchers:

  • Allow us reasonable time to investigate and address the issue before public disclosure
  • Avoid accessing, modifying, or deleting user data
  • Do not perform testing that could degrade or damage our systems
  • Do not use social engineering, phishing, or physical attacks
  • Make a good-faith effort to avoid privacy violations and data destruction
  • Contact us immediately if you inadvertently access sensitive data

6. Security Measures

Our security implementation includes:

Web Security

  • Content Security Policy (CSP)
  • HTTP Strict Transport Security (HSTS)
  • X-Frame-Options protection
  • Input validation and sanitization

Data Protection

  • Encryption in transit and at rest
  • Regular security audits
  • Access controls and monitoring
  • Secure development practices

7. Recognition

We appreciate the security research community's efforts in keeping our platform secure. Researchers who responsibly disclose valid security vulnerabilities may be:

  • Acknowledged in our security advisory (with permission)
  • Listed in our hall of fame
  • Considered for our bug bounty program (when available)

8. Legal Safe Harbor

relentlessCurious will not pursue legal action against security researchers who:

  • Follow our responsible disclosure policy
  • Report vulnerabilities in good faith
  • Do not violate any applicable laws
  • Do not access, modify, or delete user data
  • Do not disrupt our services

9. Changes to This Security Policy

We may update this Security Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date at the top. We encourage you to review this policy periodically for any changes.

10. Contact Us

If you have any questions about this Security Policy or need to report a security issue, please contact us at:

Email: [email protected]