Neocode LLC, doing business as NeoVigil (“NeoVigil,” “we,” “our,” or “us”), is committed to protecting the security and integrity of our systems, infrastructure, and users. We welcome responsible disclosure of security vulnerabilities.

1. Scope

This policy applies to:

• https://neovigil.io
• NeoVigil-owned public web properties
• Pre-release services, APIs, or environments explicitly made available by NeoVigil

This policy does not apply to third-party services or infrastructure not controlled by NeoVigil.

2. How to Report a Vulnerability

Please report suspected vulnerabilities to: contact@neovigil.io

Please include:

• A clear description of the issue
• Steps to reproduce
• Expected vs. actual behavior
• Potential impact
• Proof-of-concept (if available)
• Any logs or screenshots that help us validate quickly

3. Responsible Disclosure Guidelines

We ask that you:

• Avoid violating privacy, accessing data you do not own, or exfiltrating data
• Avoid actions that disrupt services (e.g., DoS/DDoS, spam, or brute force)
• Limit testing to what is necessary to demonstrate the vulnerability
• Do not publicly disclose the issue until we have addressed it (or you have received written permission)

4. Our Commitment

When you follow this policy, we will:

• Acknowledge receipt of your report
• Investigate and validate the issue
• Work to remediate in a timely manner
• Keep you informed of progress when appropriate

5. Safe Harbor

We will not pursue legal action against individuals who conduct security research in good faith, comply with this policy, and avoid harm to users, data, and systems. This policy does not grant permission to access third-party systems or data.

6. Bug Bounty

NeoVigil does not currently operate a public bug bounty program unless explicitly stated.

7. Contact

For security reports, contact: contact@neovigil.io