Responsible Disclosure Process

---

We take the security of our systems seriously and value the contributions of security researchers who help us protect our users and data. If you believe you’ve discovered a security vulnerability, we encourage you to report it to us responsibly.

Reporting a Vulnerability

If you discover a potential security issue, please report it by emailing us at (nancy.seddon@rockfordlandworks.com) with the following details:

• A description of the vulnerability
• Steps to reproduce the issue
• Any potential impact you believe it may have

We aim to acknowledge receipt of your report within 72 hours and provide updates as we investigate.

Guidelines for Researchers

To protect our users and systems, we ask that you:

• Act in good faith and avoid violating privacy, destroying data, or interrupting services.
• Do not attempt to access non-public data beyond what is necessary to demonstrate the vulnerability.
• Do not publicly disclose the issue until we have had a reasonable opportunity to investigate and address it.
• Do not use automated scanners or tools that generate significant traffic or disrupt services.

What You Can Expect from Us

• We will acknowledge your report promptly.
• We will work with you to investigate and resolve the issue.
• We will notify you when the issue has been remediated.
• With your permission, we may publicly credit you for your contribution.

Safe Harbor

We will not pursue legal action against researchers who:

• Report vulnerabilities to us in good faith.
• Follow the guidelines outlined in this policy.
• Make every effort to avoid privacy violations, service disruptions, and data destruction.