Responsible Disclosure Policy

Easy Ledger Services takes security seriously and appreciates the responsible disclosure of security vulnerabilities. This policy outlines how to report vulnerabilities and what to expect.

Scope

This policy applies to:

• The Easy Ledger Services website (easyledgerservices.com)
• Any web applications operated by Easy Ledger Services

What We Ask

If you discover a potential security vulnerability, we ask that you:

• Report the vulnerability promptly to our security contact
• Provide sufficient detail to reproduce the issue
• Give us reasonable time to address the issue before public disclosure
• Act in good faith and avoid privacy violations, data destruction, or service disruption
• Do not access or modify data that does not belong to you

What We Commit To

• Acknowledge receipt of your report within 3 business days
• Provide an initial assessment within 10 business days
• Keep you informed of our progress
• Not pursue legal action against researchers acting in good faith
• Credit you for the discovery (if desired) when we address the issue

Out of Scope

The following types of findings are generally out of scope:

• Denial of service attacks
• Social engineering or phishing
• Physical attacks against our facilities
• Vulnerabilities in third-party services we do not control
• Missing security headers without demonstrated impact
• Automated scanner reports without manual verification

How to Report

Please report security vulnerabilities via email. Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Any suggested remediation (optional)
• Your contact information (for follow-up)

Recognition

We appreciate security researchers who help us improve our security. With your permission, we will acknowledge your contribution when we address the issue.

Questions

If you have questions about this policy, please contact us at Hello@easyledgerservices.com.