Security Policy

How we handle security vulnerabilities and responsible disclosure

Security First

At DNS Studio, we take security seriously. We appreciate the security research community's efforts to help keep our services safe for everyone.

Vulnerability Disclosure

Reporting Security Issues

If you discover a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

Contact Information

Email: security@dns.studio

Please encrypt sensitive information using PGP if possible. We aim to respond within 48 hours.

What to Include

  • Description of the vulnerability and potential impact
  • Steps to reproduce the issue
  • Proof of concept (if applicable)
  • Suggested fix or mitigation (if you have one)
  • Your contact information for follow-up

Responsible Disclosure

Our Commitment

  • ✓ We will acknowledge receipt of your report within 48 hours
  • ✓ We will provide regular updates on the status of the vulnerability
  • ✓ We will work with you to understand and resolve the issue quickly
  • ✓ We will credit you in our security acknowledgments (if desired)

What We Ask

  • ✓ Please act in good faith and avoid accessing or modifying user data
  • ✓ Do not perform any actions that could harm our users or services
  • ✓ Give us reasonable time to fix the issue before public disclosure
  • ✓ Keep vulnerability details confidential until we've resolved the issue

Out of Scope

The following are generally considered out of scope for our vulnerability disclosure program:

  • Social engineering attacks
  • Physical security issues
  • Denial of Service (DoS/DDoS) attacks
  • Spam or phishing attempts
  • Issues requiring physical access to devices
  • Issues in third-party services or dependencies
  • Self-XSS or issues requiring user interaction

Security Best Practices

How We Protect Your Data

🔒 Encryption

All data transmission is encrypted using HTTPS/TLS. We use secure protocols for all communications.

🛡️ API Security

Our API endpoints use authentication keys and rate limiting to prevent abuse and unauthorized access.

🚫 No Data Storage

We don't store your DNS lookup queries. All queries are processed in real-time and not logged.

⚡ Regular Updates

We regularly update our infrastructure and dependencies to patch known vulnerabilities.

Security Acknowledgments

We would like to thank the following security researchers who have responsibly disclosed vulnerabilities:

No vulnerabilities have been reported yet. Be the first to help improve DNS Studio's security!

Report a Security Issue

Found a security vulnerability? We'd love to hear from you.

Contact Security Team →