HardRoadVirtues Security & Vulnerability Disclosure Policy

Last updated: [2026-01-13]

We take the security and privacy of HardRoadVirtues seriously. If you believe you’ve found a security or privacy vulnerability in the HardRoadVirtues app, our website, or related services, please report it responsibly so we can investigate and resolve it.

How to report a vulnerability

Email: [brendan@hardroad.us]

Subject line: “Security report — HardRoadVirtues”

Please include:

- A clear description of the issue and potential impact

- Steps to reproduce (proof-of-concept preferred, if safe)

- Affected versions/devices (iOS version, app version)

- Any relevant logs, screenshots, or network traces (redact personal data)

Response timelines

- We will acknowledge receipt within [3] business days.

- We will provide an initial assessment within [10] business days.

- We will work toward a fix as quickly as practical based on severity and complexity.

Responsible disclosure

We ask that you:

- Do not publicly disclose the vulnerability before we have had a reasonable opportunity to investigate and remediate.

- Do not access or modify user data that is not your own.

- Do not disrupt service availability (e.g., DoS), spam, or social engineering.

Safe harbor

If you make a good-faith effort to follow this policy, we will not pursue legal action against you for security research conducted in compliance with these guidelines. This does not extend to actions that are malicious, exploitative, or violate applicable laws.

Scope

In scope:

- HardRoadVirtues iOS app

- Our official website(s) and any endpoints/services we operate for the app

Out of scope:

- Vulnerabilities in third-party services or platforms we do not control

- Social engineering, phishing, or physical attacks

- Denial-of-service testing

Bounty

We do not currently offer a paid bug bounty program. We will gladly acknowledge valid reports (with your permission) in release notes or on this page.

Privacy note

HardRoadVirtues is designed to minimize data collection and protect user data. For details on what the app collects and how it is handled, see our Privacy Policy:

[https://hardroad.us/privacy]

Contact

Security reports: [brendan@hardroad.us]

General support: [brendan@hardroad.us]