SECURITY

Security & Vulnerability Disclosure Policy

Last updated: 2026-06-01 — ScandistreamTV

We take the security of our service and our customers seriously. If you believe you have found a security vulnerability affecting scandistreamtv.com or any associated infrastructure, we welcome your report under the terms below.

Scope

In scope:

Out of scope:

How to report

Email [email protected] with:

  1. A clear description of the vulnerability
  2. Steps to reproduce (proof-of-concept, screenshots, request/response captures)
  3. Impact assessment — what an attacker could achieve
  4. Your contact details (we will acknowledge within 72 hours)

If your report is sensitive, you may encrypt it. Request our PGP public key in your first message.

Safe Harbor

We will not pursue legal action against researchers who:

What to expect

  1. Acknowledgment within 72 hours of your report
  2. Triage and validation within 7 business days
  3. Remediation timelines depend on severity:
  4. Public acknowledgment (with your permission) once remediation is verified

Bug bounty

We do not currently operate a paid bug bounty programme. Verified, high-quality reports may be acknowledged publicly (see Acknowledgments below) and may receive a small token of appreciation at our discretion.

Acknowledgments

Researchers who have responsibly disclosed valid security issues will be listed here with their consent.

Machine-readable contact

See /.well-known/security.txt (RFC 9116).