GADURA CREATOR PLATFORM

Legal

Security & Vulnerability Disclosure Policy

We take security seriously and welcome responsible reports of potential vulnerabilities. This policy explains how to report issues and what you can expect from us.

Last updated: 28 December 2025

← Back to Legal

Operator: Gadura, LLC

Security Contact: security@gadura.com

Support: support@gadura.com

Mailing Address: 3rd Floor, 86–90 Paul Street, London EC2A 4NE

Gadura is committed to protecting the security and privacy of our users. We encourage security researchers and members of the community to report potential vulnerabilities to us in a responsible manner.

1. Responsible Disclosure

If you believe you have discovered a security issue affecting Gadura, please notify us as soon as possible and give us reasonable time to investigate and remediate the issue before publicly disclosing any details.

2. How to Report

Please include as much detail as possible, including:

  • steps to reproduce,
  • affected URLs, parameters, or accounts,
  • impact and likelihood of exploitation,
  • screenshots or proof-of-concept (if safe),
  • your contact information for follow-up.

Send reports to:
security@gadura.com

3. What You Can Expect

  • We will acknowledge valid reports.
  • We will investigate and prioritize fixes based on severity.
  • We may request additional details to reproduce or validate.
  • We will notify you when remediation is implemented where appropriate.

While we appreciate responsible disclosures, participation in this program does not currently include monetary rewards or bug bounties.

4. Rules of Engagement (Do Not)

To protect users and data, please do not:

  • access, modify, or destroy data that does not belong to you,
  • exfiltrate personal data,
  • perform denial-of-service or load-testing attacks,
  • send spam or phishing messages,
  • social-engineer our employees or users,
  • use automated tools that generate excessive traffic,
  • publicly disclose issues before remediation.

Testing must remain limited, controlled, and non-disruptive. If you are unsure, ask us first.

5. Out of Scope (Examples)

  • rate-limiting or generic brute-force findings without impact,
  • missing security headers that do not create exploitability,
  • issues requiring jailbroken devices or outdated browsers,
  • third-party apps or services not controlled by Gadura,
  • self-XSS requiring user-initiated actions.

6. Good-Faith Commitment

If you comply with this policy and act in good faith, we will not pursue legal action solely due to your responsible security research activities related to this program.

7. Changes

We may update this policy from time to time. Material updates may be communicated through our website or in-product notifications.