Vulnerability Disclosure Policy

1. Our Objective:
We are committed to the security of our systems and the data of our users. We welcome any vulnerability reports that help us improve the safety of our services.

2. What We Expect from the Reporter:

Notify us immediately at hello@become.hu upon discovering a vulnerability.
Do not publicly disclose the vulnerability until we have given permission for its publication.
Do not exploit the vulnerability in any way or gain access to sensitive data that you are not authorized to access.

3. Acceptable Behavior:

Use only your own accounts during testing.
Avoid any actions that could disrupt our services (e.g., DoS attacks).
Respect the security of other users' data.

4. What We Provide:

We will respond within 5 business days after receiving your report.
We will evaluate and investigate all reports made in good faith.
If the reporter agrees, we will publicly acknowledge their contribution.

5. Prohibited Activities under Our Policy:

Distribution of malicious code.
Intentional data loss or theft.
Use of automated scripts or bots for large-scale testing.

6. Policy Updates:
This policy is valid until December 31, 2025. We reserve the right to update it as necessary.