D9Tech Resources values the security research community. If you believe you have found a security vulnerability in this website, we want to hear about it, and we will work with you in good faith to understand and resolve it.
Scope
This policy covers the public D9Tech Resources website and its subdomains. It does not cover third-party services we link to, government or contractual systems we support under separate agreements, or the physical security of our facilities.
How to report
Send your report by email to sales@d9tech.net with "Security" in the subject line, or use our contact page. To help us act quickly, please include:
- A clear description of the issue and where you found it (the page or URL).
- Step-by-step instructions to reproduce it.
- The potential impact as you understand it.
- Any proof-of-concept material, screenshots, or logs that help us confirm it.
Please do
- Give us a reasonable amount of time to investigate and fix an issue before sharing it publicly.
- Make a good-faith effort to avoid privacy violations, data loss, and service disruption.
- Only interact with accounts and data that you own or have explicit permission to test.
Please do not
- Run denial-of-service tests, send spam, or use automated scanning that degrades the site.
- Access, modify, or delete data that does not belong to you.
- Use social engineering, phishing, or physical attacks against our staff or facilities.
Our commitment
If you make a good-faith effort to follow this policy, we will not pursue or support legal action against you for your research. We will acknowledge your report, keep you informed as we investigate, and work to remediate confirmed issues in a timely manner. We do not currently operate a paid bounty program, but we genuinely appreciate responsible disclosure.