Security Policy

How to report security issues (the responsible way)

🔒 Security Notice

We take security seriously. After all, we're in the business of destroying scammers, not becoming one ourselves.

Responsible Disclosure

If you discover a security vulnerability in our systems, please report it responsibly. We appreciate security researchers who help us maintain the integrity of our platform.

Unlike scammers who exploit vulnerabilities for profit, we actually fix them when reported properly.

Reporting Process

To report a security vulnerability:

  • Email us at security@phishdestroy.io
  • Include detailed information about the vulnerability
  • Provide steps to reproduce the issue
  • Allow us reasonable time to address the issue before public disclosure

Please don't post vulnerabilities on social media before contacting us. We're volunteers, not mind readers.

What We Promise

When you report a security issue to us, we will:

  • Acknowledge receipt within 48 hours
  • Investigate the issue promptly
  • Keep you informed of our progress
  • Credit you appropriately if you wish
  • Not pursue legal action against you for responsible disclosure

Scope

This security policy applies to:

  • Our website and web applications
  • Our API endpoints
  • Our data processing systems
  • Our infrastructure and databases

Basically, anything that could help scammers would definitely interest us if it's broken.

Out of Scope

Please do not report:

  • Social engineering attacks against our volunteers
  • Physical security issues
  • Issues in third-party services we don't control
  • Spam or denial of service attacks

Security Measures

We implement various security measures including:

  • Regular security assessments
  • Encrypted data transmission
  • Access controls and monitoring
  • Regular software updates
  • Incident response procedures

We secure our systems better than scammers secure their fake crypto wallets.

Data Protection

We protect the data we collect through technical and organizational measures. Any security incident involving personal data will be handled in accordance with applicable data protection laws.

Contact Information

For security-related inquiries, contact us at security@phishdestroy.io.

We respond to legitimate security reports faster than scammers respond to takedown notices (which is never).