Security: PriyaGhosal/BuddyTrail

πŸ” Security Policy

Overview

At Buddy Trail, the security and privacy of our customers' data are our top priority. We are committed to protecting our platform from vulnerabilities and ensuring that all transactions and user interactions are conducted securely. This document outlines our security practices and provides guidelines for reporting potential security vulnerabilities.


📅 Supported Versions

We actively maintain the following versions of our website and mobile applications:

  • Current version: Latest release
  • Previous version: Last major release (for up to 6 months)

⚠️ We recommend users stay up to date with the latest versions for optimal security and performance.


🔒 Security Practices

To maintain a secure platform, we follow best practices in:

  • Encryption: All sensitive data, such as payment information, passwords, and personal details, is encrypted in transit (e.g., TLS 1.2/1.3) and in storage using industry-standard encryption methods.

  • Authentication: Multi-factor authentication (MFA) is available and encouraged for users to enhance account security.

  • Data Privacy: We adhere to global privacy regulations and standards such as the GDPR, CCPA, and PCI-DSS to protect the personal data of our users.

  • Vulnerability Scanning: We regularly conduct vulnerability scanning, penetration testing, and third-party audits to identify and mitigate potential threats.

  • Monitoring: We use real-time monitoring systems to detect suspicious activities and mitigate any possible threats promptly.

  • Payment Security: Our payment processing is PCI-DSS compliant, ensuring that all financial transactions are handled securely.


📒 Reporting a Vulnerability

We encourage security researchers and developers to report any potential security vulnerabilities. If you believe you have discovered a security issue, please help us by following the steps below:


🛠️ How to Report a Vulnerability

Please include as much detail as possible to help us verify the issue:

  • A detailed description of the vulnerability.
  • Steps to reproduce the issue.
  • Any potential impact on our platform.

❗ Do not disclose publicly: Please refrain from publicly disclosing any details regarding the vulnerability until we have had a chance to investigate and resolve the issue.


⏱️ Response Time

We will acknowledge your report within 72 hours and provide an estimated timeline for remediation. We will keep you updated as we work on resolving the issue.


🀝 Responsible Disclosure Policy

We are committed to working with the security community to verify and address any vulnerabilities in a timely manner.

  • We will not take legal action against individuals who discover and report vulnerabilities responsibly, provided that they do not engage in malicious activities or attempt to exploit the vulnerabilities for personal gain.

πŸ† Bug Bounty Program

To recognize and reward the efforts of security researchers, we run a Bug Bounty Program that offers monetary rewards for responsibly disclosed vulnerabilities. Details about the scope and eligibility criteria can be found here.


🔄 Security Updates

We regularly release security patches and updates. Users are encouraged to apply these updates as soon as they are available to ensure the continued safety of their accounts and transactions.


📞 Contact Us

For any questions or concerns regarding our security policy, you can reach out to us at:

Thank you for helping us keep Buddy Trail secure for everyone!

There aren't any published security advisories