Security and Responsible Disclosure
FinCrime Dojo security practices, responsible disclosure process, vulnerability reporting rules, and safe harbor expectations.
Overview
FinCrime Dojo takes platform security seriously and welcomes good-faith reports that help protect learners, enterprise customers, and service integrity.
This policy describes how to report suspected vulnerabilities and what conduct is permitted when performing responsible disclosure.
Security Practices
We use layered security controls including secure authentication patterns, access controls, rate limiting, input validation, logging, encrypted transport, deployment hardening, least-privilege principles, and security reviews appropriate to the service.
No system is perfectly secure. We continuously improve our controls as the platform evolves.
Reporting Vulnerabilities
Send vulnerability reports to security@fincrimedojo.com with a clear description, affected URL or endpoint, reproduction steps, impact, screenshots or proof-of-concept details where safe, and your contact information.
Please avoid including sensitive user data. If you encounter data that does not belong to you, stop testing and report immediately.
Research Rules
Do not access, modify, delete, exfiltrate, or disclose data that is not yours. Do not perform denial-of-service testing, spam, phishing, social engineering, physical attacks, malware deployment, persistence, lateral movement, or testing against third-party systems.
Do not publicly disclose a vulnerability before FinCrime Dojo has had reasonable time to investigate and remediate.
Good-Faith Research
For good-faith research that follows this policy, FinCrime Dojo will not intentionally pursue legal action solely for the act of reporting a vulnerability. This does not authorize unlawful activity or waive rights against harmful conduct.
Contact
Report security issues to security@fincrimedojo.com. For urgent account safety issues, contact support@fincrimedojo.com.