Responsible Disclosure Policy
Architech Dev Labs S.R.L. takes the security of its website and systems seriously, and we value the work of security researchers who help us keep them safe. This policy explains how to report a security vulnerability to us, what you can expect in return, and the rules that keep your research within good faith. We are committed to working openly and constructively with anyone who reports an issue responsibly.
1. Our commitment
If you believe you have found a security vulnerability in one of our systems, we want to hear from you. We will engage with your report in good faith, investigate promptly, and keep you informed as we work toward a fix. We ask the same good faith from you in return: give us a reasonable opportunity to remediate an issue before disclosing it publicly, and follow the guidelines set out below.
2. Scope
This policy covers:
- the website architechdevlabs.com; and
- the company's own systems, websites, and infrastructure operated by Architech Dev Labs S.R.L.
Please do not test, probe, or target third-party services we rely on (for example, our website hosting provider or font delivery). Those systems belong to other organisations and are outside the scope of this policy.
3. How to report
Send your report by email to security@architechdevlabs.com. To help us assess and reproduce the issue quickly, please include as much of the following as you can:
- a clear description of the vulnerability and the affected system, URL, or endpoint;
- step-by-step instructions to reproduce the issue;
- a proof of concept (for example, a request, script, or screenshot), where applicable;
- an assessment of the potential impact and how the issue might be exploited; and
- any relevant configuration, browser, or environment details.
Please report each issue as soon as you discover it, and give us a reasonable time to respond and remediate before sharing details with others or making them public.
4. What you can expect from us
When you report an issue in line with this policy, we will:
- acknowledge receipt of your report within 5 business days;
- keep you informed of our progress as we investigate and work toward a fix;
- work to remediate confirmed vulnerabilities in a timely manner appropriate to their severity; and
- credit you for your discovery if you would like to be recognised — simply let us know how you wish to be named, or ask to remain anonymous.
5. Guidelines for researchers
To keep your research within good faith and within this policy, please:
- act in good faith and avoid any activity that could harm our services, our users, or the availability of our systems;
- respect privacy, and do not access, modify, delete, or store data that does not belong to you;
- use only your own test accounts and data wherever possible;
- do not perform denial-of-service testing or any action that degrades or disrupts our services;
- do not use social engineering, phishing, or physical attacks against our staff, users, or facilities;
- stop immediately and report to us if you encounter personal data, and do not view, copy, transfer, or retain it further; and
- give us a reasonable opportunity to remediate before any public disclosure.
Any personal data you come across during research is handled in accordance with our Privacy Policy, and your use of the website remains subject to our Terms of Service.
6. Safe harbour
If you make a good-faith effort to comply with this policy during your security research, we will consider your actions to be authorised. We will not pursue or support legal action against you for accidental, good-faith violations of this policy, and we will work with you to understand and resolve any issue quickly. This safe harbour does not apply to research that goes beyond this policy — for example, accessing data that is not yours, disrupting our services, or acting in bad faith. If in doubt about whether a particular action is acceptable, contact us at security@architechdevlabs.com before proceeding.
7. Out of scope
The following are generally out of scope and are not eligible for recognition under this policy:
- denial-of-service attacks and any testing that impairs the availability of our services;
- spam, volumetric, or rate-limiting issues, and reports generated by automated scanners without a demonstrated, exploitable impact;
- social engineering, phishing, and physical attacks against our staff, users, or premises; and
- vulnerabilities in third-party services, platforms, or libraries that we do not control.
8. Recognition
We do not operate a paid bug bounty programme at this time, and we do not offer monetary rewards for reports. We do, however, greatly appreciate the effort involved in responsible research, and we are happy to publicly acknowledge and credit researchers who report valid issues in good faith — if you would like that recognition.
9. Contact
Please send all security reports and related questions to security@architechdevlabs.com. For general or privacy enquiries unrelated to security, contact contact@architechdevlabs.com.
| Company | Architech Dev Labs S.R.L. |
|---|---|
| Security contact | security@architechdevlabs.com |
| General & privacy contact | contact@architechdevlabs.com |
| Website | architechdevlabs.com |