Security Disclosure Policy

At Horizon Pics, we take security seriously. We appreciate the efforts of security researchers and the wider community in helping us maintain a secure platform. This policy outlines how to report vulnerabilities and what to expect from us.

Reporting a Vulnerability

If you believe you've found a security vulnerability in Horizon Pics, please report it to us by emailing contact@horizon.pics. Include the following:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • Your contact information for follow-up

Communications with the email address will be stored with zero-knowledge encryption.

Our Commitment

We commit to:

  • Confirm receipt of your report within 3 business days
  • Provide an initial assessment within 10 business days
  • Work on a fix and release a patch as quickly as possible
  • Keep you informed of our progress
  • If explicitly consented to, acknowledge your contribution to the security of Horizon Pics on the website

Responsible Disclosure

We ask that you:

  • Do not exploit the vulnerability or cause harm to users' data or access to the service
  • Do not publicly disclose the issue until we've had a chance to address it
  • Only access data necessary to demonstrate the vulnerability
  • Delete any data obtained during your research

Scope

This policy applies to all Horizon Pics software, services, and infrastructure, such as Horizon Pics' website, API, CDN, and first-party apps.

Safe Harbour

We will not take legal action against you or terminate your account for security research conducted in good faith and in compliance with this policy.

Last Updated: July 22, 2024