At DMN Creative, the security of our systems and the privacy of our clients are top priorities. We appreciate and encourage the efforts of security researchers to improve our platform’s security through responsible testing and disclosure. This policy outlines the rules for testing, reporting vulnerabilities, and the expectations we have for researchers who engage with us in good faith.

1. Scope

We welcome security research on the following assets:

• The main domain: dmncreative.com
• Any subdomains of dmncreative.com

Out of Scope:

• Third-party services and products integrated into our website (e.g., payment processors, analytics platforms).
• Any systems or services not expressly listed above are considered out of scope for vulnerability research and reporting.

2. How to Report Vulnerabilities

If you have discovered a vulnerability, please report it by emailing us at [email protected]. To facilitate an effective investigation, please include:

• A detailed description of the vulnerability.
• Steps to reproduce the issue.
• Any potential impact or risks the vulnerability may pose.

For secure communication, you can send us your findings via our secure communicate channel here.

3. Our Commitment

When a report is submitted in compliance with this policy, we commit to:

• Acknowledging your report within 7 business days.
• Providing updates on the progress of the investigation.
• Working to resolve the issue in a timely manner.
• Offering recognition in our Acknowledgements (if desired).

4. Safe Harbor

We support responsible vulnerability disclosure and provide safe harbor for researchers who adhere to this policy. We will not pursue legal action or ask law enforcement to investigate researchers who:

• Follow the rules outlined in this policy.
• Engage in good faith testing to find and report vulnerabilities.
• Avoid compromising the privacy or disrupting the services for our users, employees, or systems.

5. Rules of Engagement

To ensure that your research and testing efforts are aligned with our values, please observe the following guidelines:

• Do not: Engage in any testing that results in data destruction, service disruption, or impacts on user privacy.
• Do not: Attempt phishing, social engineering, or other forms of fraudulent activity.
• Do not: Access, modify, or destroy data that doesn’t belong to you.
• Do: Use only automated tools that are designed for responsible vulnerability testing.
• Do: Allow us reasonable time (at least 90 days) to respond and remediate any identified vulnerabilities before making them public.

6. No Compensation

At this time, DMN Creative does not offer monetary compensation or bug bounties for vulnerability reports. However, researchers who submit valid findings may be recognized on our Acknowledgements page.

7. Legal Limitations

This policy is intended to provide safe harbor to researchers who act in good faith. However, if testing or activities are inconsistent with this policy, DMN Creative reserves the right to take legal action.