Vulnerability Disclosure Policy

1. Purpose

This policy provides guidelines for reporting security vulnerabilities to LiveGuild. We encourage good-faith researchers to responsibly disclose issues so we can improve platform safety.

2. Responsible Disclosure

If you discover a potential security vulnerability, you agree to:

• Report it privately through the LiveGuild contact page (“Security Issue” option)
• Provide enough detail for us to reproduce the issue
• Avoid accessing, modifying, or destroying data
• Avoid disrupting service availability
• Avoid publicly disclosing the issue before we resolve it

3. Research Guidelines

Safe, non-destructive testing is allowed. The following activities are prohibited:

• DDOS, traffic floods, or stress testing
• Accessing accounts that are not yours
• Copying or exfiltrating user data
• Social engineering of staff or users
• Automated scanning at disruptive volumes

4. Our Commitment

LiveGuild will review all good-faith submissions and respond promptly. We commit to:

• Investigate the report
• Resolve confirmed issues as quickly as possible
• Keep the reporter informed during the process
• Credit researchers who request acknowledgment after fixes are deployed

5. Legal Safe Harbor

If you comply with this policy during your research and reporting, LiveGuild will not pursue legal action regarding your disclosure efforts.

6. Contact

To report a vulnerability, use the LiveGuild contact page and select the “Security Issue” option. This opens a pre-filled email to the appropriate team.