Security Policy

At VAP Elo Boost, we take the security of our website and your data seriously. This page outlines our security practices and provides information for security researchers.

Vulnerability Disclosure Policy

We appreciate the work of security researchers in improving internet security. If you believe you've found a security vulnerability on our website, we encourage you to report it to us responsibly.

How to Report a Vulnerability

Please send vulnerability reports to [email protected]. We request that you:

Provide enough information for us to reproduce and validate the issue
Avoid accessing or modifying user data without permission
Do not disclose the vulnerability publicly before we've had a chance to address it

What We Promise

We will acknowledge receipt of your report within 3 business days
We will provide an estimated timeframe for addressing the vulnerability
We will notify you when the vulnerability has been fixed
We will not take legal action against security researchers who follow this policy

Security Measures

We implement various security measures to protect your data:

HTTPS encryption for all web traffic
Secure payment processing through PayPal
Regular security updates and patches
DDoS protection and WAF through Cloudflare
Strict access controls for internal systems
Regular security assessments and audits

Data Protection

We are committed to protecting your personal information:

We only collect the data necessary to provide our services
We do not sell or share your personal information with third parties
We encrypt sensitive data both in transit and at rest
We have implemented measures to comply with applicable data protection regulations

Scope of Testing

Security researchers are permitted to test for vulnerabilities on:

vapeloboost.com and all subdomains
Our web applications hosted under those domains

The following types of testing are prohibited:

Denial of service attacks
Social engineering attacks against our staff or users
Physical attacks against our offices or data centers
Testing third-party services we use

Known Security Issues

We maintain a list of known security issues that are being addressed:

Encrypted Client Hello (ECH) protocol configuration - In progress

Contact Information

For security-related inquiries, please contact us at:

Email: [email protected]

For urgent security matters, please contact our security team directly at [email protected].

Last updated: May 2024