Vulnerability Disclosure Program

At Proxylity, we take the security of our customers and our platform seriously. We welcome reports from security researchers who help us keep UDP Gateway and its integrations safe and reliable.

Reporting a Vulnerability

If you believe you've found a vulnerability in Proxylity UDP Gateway or in any service operated by Proxylity LLC, please let us know right away.

Email security@proxylity.com with:

• A clear description of the issue
• Steps to reproduce or proof-of-concept details
• Any relevant logs or supporting material

If your report includes sensitive details, you may request our PGP key for encryption.

Responsible Research Guidelines

We ask that all testing be conducted carefully and in good faith. Please:

• Avoid any activity that could disrupt service or degrade performance
• Do not attempt to access or modify data that isn't your own
• Stop immediately and report if you encounter customer or confidential data
• Limit testing to what's necessary to demonstrate the issue
• Use only your own accounts and resources

If you're unsure whether your testing is within scope, contact us before proceeding.

Scope

This program covers:

• The Proxylity UDP Gateway service
• Domains and infrastructure operated by Proxylity LLC
• Integrations provided through the AWS Marketplace listing

Out of scope:

• Denial-of-service or stress testing
• Social engineering or phishing
• Third-party components not controlled by Proxylity

Our Commitment

• We investigate all valid reports promptly
• We will not pursue legal action against researchers who follow this policy
• We will keep you informed of our progress
• We may publicly acknowledge contributions at your request

Safe Harbor

Testing conducted in accordance with this policy is considered:

• Authorized under the Computer Fraud and Abuse Act (CFAA)
• Exempt from Digital Millennium Copyright Act (DMCA) restrictions
• Not subject to civil or criminal action from Proxylity

If any legal questions arise, we will work with you in good faith to resolve them.

Recognition

We do not currently offer monetary rewards, but we value every report that helps improve our security. Researchers who responsibly disclose valid vulnerabilities may be acknowledged on our site, with their consent.