Responsible Vulnerability Disclosure Policy

Last updated: September 2025

At Aztecs, the security of our systems and the protection of our users’ data are top priorities. We are committed to working with the security research community to identify and resolve potential vulnerabilities responsibly.

Our Commitment

• We will acknowledge receipt of your report within 5 business days.

• We will provide you with an estimated timeline for addressing the vulnerability.

• We will keep you informed of progress, particularly if remediation is expected to take longer than anticipated.

• We will notify you when the issue has been resolved.

Guidelines for Researchers

We ask that you:

• Act in good faith to avoid privacy violations, data destruction, or service disruption.

• Provide us with a reasonable amount of time (at least 90 days) to fix the issue before making any information public.

• Do not access, modify, or delete any data that does not belong to you.

• Do not use automated scanning tools that could degrade service quality for our users.

• Do not attempt social engineering, phishing, or physical attacks against our employees or infrastructure.

How to Report a Vulnerability

If you believe you’ve discovered a security vulnerability in our website, systems, or services, please contact us at: security@aztecs.net

Please include:

• A description of the vulnerability.

• Steps to reproduce the issue.

• Any supporting evidence (screenshots, code, or logs) that can help us understand and resolve the issue.

Safe Harbor

We will not initiate legal action against researchers who:

• Follow this policy in good faith.

• Avoid harming our users or systems.

• Provide us with a reasonable opportunity to remediate before public disclosure.