MyDomainRisk
Get started free

Vulnerability Disclosure Policy

Huro Data Technologies Ltd. — last updated 26 March 2026

Our commitment

Huro Data Technologies Ltd. ("we", "us") takes the security of MyDomainRisk and its users seriously. We welcome reports from security researchers who discover vulnerabilities in our systems. We are committed to working with you to understand and address any issues promptly.

Scope

This policy applies to the following systems:

  • mydomainrisk.com (marketing site)
  • app.mydomainrisk.com (application)
  • Any subdomain or API endpoint operated by Huro Data Technologies Ltd.

Third-party services and infrastructure providers used by MyDomainRisk are out of scope. Please report vulnerabilities in those services directly to their respective owners.

How to report

Please send vulnerability reports to support@mydomainrisk.com with the subject line Security Vulnerability Report. Please include:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • Any proof-of-concept code, screenshots, or supporting material
  • Your contact details if you would like us to follow up

What to expect

We aim to:

  • Acknowledge receipt of your report within 3 business days
  • Provide an initial assessment of severity and expected resolution timeline within 10 business days
  • Keep you informed of progress as we work to address the issue
  • Notify you when the vulnerability has been resolved

Responsible disclosure guidelines

We ask that you:

  • Give us reasonable time to investigate and remediate before any public disclosure
  • Avoid accessing, modifying, or deleting data belonging to other users
  • Do not perform denial-of-service attacks or disrupt our services
  • Do not use automated scanners or tools against our infrastructure without prior agreement
  • Act in good faith throughout the process

We will not take legal action against researchers who follow this policy and act in good faith.

Recognition

We do not currently operate a paid bug bounty programme. However, we are grateful to researchers who report valid vulnerabilities and are happy to acknowledge your contribution publicly if you wish.

Contact

For any questions about this policy, please contact us at support@mydomainrisk.com.