Maffinity Vulnerability Disclosure Policy

We welcome responsible disclosure of security vulnerabilities affecting Maffinity services.

How to report

Send details to security@maffinity.com. Include reproducible steps, affected URLs/endpoints, proof-of-concept, and impact.

Safe testing guidelines

• Do not attempt denial-of-service or destructive testing.
• Do not access, modify, or exfiltrate non-public user data.
• Do not use social engineering or physical attacks.
• Test only systems you are authorized to assess.

Response expectations

• We target acknowledgement within 3 business days.
• We triage based on severity and exploitability.
• We coordinate remediation and may request retest validation.

Scope notes

This policy applies to maffinity.com web properties and first-party services.