Security & Vulnerability Disclosure Policy
We take the security of Leonid Suite seriously. If you believe you have found a security vulnerability, we encourage you to let us know right away.
How to Report
Email your findings to {email}. Please include:
- A description of the vulnerability and its potential impact
- Step-by-step reproduction instructions
- Any proof-of-concept code, screenshots, or logs that help illustrate the issue
We will acknowledge your report within 3 business days and aim to provide a resolution timeline within 10 business days.
Our Commitments
If you follow this policy in good faith, we commit to:
- Not pursuing legal action against you for your research
- Working with you to understand and resolve the issue promptly
- Keeping you informed of progress toward a fix
- Publicly acknowledging your contribution once the issue is resolved, if you wish
In Scope
- leonids-customizable-suite.com and all subdomains
- Authentication and session management
- Access control and permission bypasses
- Data exposure or leakage
- Injection vulnerabilities (SQL, XSS, etc.)
Out of Scope
- Denial of service attacks
- Social engineering or phishing of staff or users
- Physical security
- Vulnerabilities in third-party services we depend on (report those to the vendor directly)
- Automated scanning results without demonstrated impact
Safe Harbour
We consider security research conducted under this policy to be authorised and will not take legal action against researchers who act in good faith and follow these guidelines. We ask that you avoid accessing, modifying, or deleting data that does not belong to you, and that you do not disrupt service availability.