Purpose
LuminaLeap Technologies values the efforts of security researchers, ethical hackers, and members of the cybersecurity community who help identify vulnerabilities responsibly.
This policy outlines how vulnerabilities should be reported to us.
Reporting a Vulnerability
If you discover a security vulnerability affecting LuminaLeap Technologies systems, websites, or applications, please report it responsibly by emailing:
Please include:
- A description of the vulnerability
- Steps to reproduce the issue
- Screenshots or supporting evidence where applicable
- Your contact details for follow-up communication
Responsible Conduct
When conducting security research, we request that you:
- Avoid violating privacy or accessing unnecessary data
- Do not exploit vulnerabilities beyond what is necessary for proof of concept
- Do not disrupt services or systems
- Do not publicly disclose vulnerabilities before remediation
- Act in good faith and in accordance with applicable laws
Our Commitment
LuminaLeap Technologies will:
- Acknowledge receipt of valid vulnerability reports
- Investigate reported issues in a reasonable timeframe
- Work to remediate confirmed vulnerabilities
- Maintain open communication with reporters where appropriate
Exclusions
This policy does not permit:
- Social engineering attacks
- Physical attacks against facilities or personnel
- Denial-of-service attacks
- Spam or phishing campaigns
- Unauthorised access to data
- Destructive testing or malicious exploitation
Legal Position
LuminaLeap Technologies will not pursue legal action against individuals acting in good faith and in accordance with this policy.
No Guaranteed Reward
Unless formally stated through a separate programme, LuminaLeap Technologies does not currently operate a bug bounty or guaranteed compensation programme.