Security Policy
Night Wolves is committed to protecting user data and the reliability of our services. We welcome responsible disclosure of security vulnerabilities and will work with researchers to resolve issues quickly.
Contact: nightwolvessupport@googlegroups.com
Scope
In scope
- https://nightwolves.vercel.app and all paths under this domain
- Night Wolves web application, APIs, and authentication flows
Out of scope
- Third-party services not controlled by Night Wolves
- Physical attacks or social engineering
- Denial of service (DoS/DDoS) and load testing
Responsible disclosure
- Provide a clear description of the issue and its potential impact.
- Include reproduction steps, proof of concept, or screenshots if possible.
- Do not access or modify data that does not belong to you.
- Give us a reasonable time window to fix the issue before public disclosure.
Safe harbor
We consider good-faith security research as authorized and will not pursue legal action against researchers who follow this policy. Please avoid privacy violations, data destruction, and service disruption.
Response timeline
- Acknowledgment: within 5 business days
- Initial assessment: within 10 business days
- Fix timeline: depends on severity and complexity
Reporting checklist
- Vulnerability type (e.g., XSS, CSRF, auth bypass)
- Steps to reproduce
- Impact description
- Suggested mitigation (if available)
Acknowledgments
We appreciate the security community. If you would like acknowledgment, include the name or handle you want listed when reporting.