English
Help CenterLogin

Edge226 Responsible Vulnerability Disclosure Policy

Last Updated: October 15, 2025

We take the security and privacy of our systems, data, and customers very seriously. We recognize the important role that independent security researchers and the wider security community play in helping to identify and address potential vulnerabilities. This Responsible Vulnerability Disclosure Policy outlines how researchers can report security issues to Edge226 in a safe, responsible, and coordinated way.

1. Purpose

The purpose of this policy is to provide clear guidelines for reporting potential security vulnerabilities affecting Edge226 systems, products, or services. Our goal is to ensure that security issues are reported responsibly and remediated quickly, researchers are acknowledged and treated with respect and transparency, and no legal action is taken against those who follow this policy in good faith.

2. Scope

This policy applies to Edge226-owned websites and applications (including edge226.com and any official subdomains), and Edge226-operated APIs, platforms, and data systems.

Out of Scope:

  • Third-party services or technologies not owned or controlled by Edge226.
  • Social engineering, physical attacks, or denial-of-service (DoS/DDoS) testing.

3. Reporting a Vulnerability

If you believe you have discovered a potential security issue or vulnerability affecting Edge226, please contact us at: privacy@edge226.com

Include the following details in your report:

  • A clear description of the vulnerability.
  • Steps to reproduce or proof-of-concept (PoC) code, if available.
  • The potential impact or affected systems.
  • Your contact information for follow-up communication.

Please do not share any confidential or private information.

4. Our Commitment

When you report a vulnerability to Edge226:

  1. Acknowledgment within a reasonable period, depending on the severity of the vulnerability,
  2. Assessment by our security team.
  3. Remediation of confirmed vulnerabilities.
  4. Coordinated disclosure after remediation.

5. Researcher Guidelines

Researchers must act in good faith and avoid privacy violations, data destruction, or service disruptions. Do not access, modify, or delete data that does not belong to you. Limit testing to systems in scope and avoid public disclosure until the issue has been addressed by Edge226.

6. Legal Safe Harbor

Edge226 will not pursue legal action or law enforcement referral against researchers who make a good-faith effort to comply with this policy. Activities conducted in accordance with this policy are considered authorized under the Computer Fraud and Abuse Act (CFAA) and similar laws.

7. Recognition and Collaboration

We value contributions from the security community. While Edge226 does not currently operate a formal bug bounty program, we deeply appreciate all responsible security disclosures.

8. Contact and Communication

All vulnerability-related communications should be directed to: privacy@edge226.com

Please use this contact for vulnerability and security-related communications.

10. Policy Updates

Edge226 may update this policy periodically to reflect evolving best practices and legal requirements.Thank you for helping us maintain the security and integrity of Edge226’s platform and community. Your contributions make the digital advertising ecosystem safer for everyone.