Legal

Security Contact

Report security vulnerabilities and learn about responsible disclosure.
Last updated: June 29, 2026

Draft for attorney review

This document is provided for informational purposes only and has not been reviewed by qualified legal counsel. It does not constitute legal advice and should not be relied upon as a guarantee of compliance with any law or regulation. Contact an attorney before using this content in production.

1. Reporting a Security Issue

If you believe you have discovered a security vulnerability affecting [Company Legal Name] or the SteadyFaith platform, please report it responsibly.

Send details to security@steadyfaith.com. Include a description of the issue, steps to reproduce, potential impact, and any supporting materials.

2. Scope

In scope: vulnerabilities in SteadyFaith-controlled applications, APIs, authentication flows, and infrastructure reasonably attributable to our platform.

Out of scope: social engineering, physical attacks, third-party services outside our control, denial-of-service attacks, issues requiring unlikely user interaction, or vulnerabilities in church-owned content.

3. Responsible Disclosure Guidelines

Do not access, modify, or delete data that does not belong to you.

Do not disrupt service availability or user privacy while testing.

Give us reasonable time to investigate and remediate before public disclosure.

We may request additional information to validate and reproduce reports.

4. Our Response

We aim to acknowledge good-faith reports within a reasonable timeframe. Response and remediation timelines may vary based on severity and complexity.

We do not guarantee monetary rewards or bug bounties unless expressly offered in a separate written program.

5. Safe Harbor (Placeholder)

If you conduct security research in good faith according to these guidelines and applicable law, we will not pursue legal action against you solely for that research, to the extent permitted by law.

This safe harbor statement is a draft placeholder and should be reviewed by counsel before publication.