Security Policy

Vulnerability Disclosure Policy

BTOVEN LLC takes the security of our systems and user data seriously. We welcome feedback from security researchers and the broader community to help us maintain a secure environment.

If you believe you have discovered a security vulnerability in any of our systems, products, or services, we encourage you to report it to us promptly and responsibly.

Reporting Guidelines

Please report vulnerabilities by emailing security@btoven.com. If available, encrypt your report using our PGP key.

When reporting, please include:

• A clear description of the vulnerability.
• Steps to reproduce the issue.
• The affected system, URL, or component.
• Any proof-of-concept code or screenshots (if applicable).
• Your preferred contact information for follow-up.

We aim to acknowledge receipt within 48 hours and provide an initial assessment within 5 business days.

Responsible Disclosure

We ask that researchers:

• Allow us reasonable time to investigate and remediate before publicly disclosing the vulnerability.
• Not exploit the vulnerability beyond what is necessary to demonstrate it.
• Not access, modify, or delete data that does not belong to you.
• Comply with all applicable laws.

We will not take legal action against researchers who act in good faith and follow these guidelines.

Scope

This policy applies to all systems, products, and services operated by BTOVEN LLC, including but not limited to:

• btoven.com and all subdomains.
• Managed security products and services.
• API endpoints and infrastructure.

Third-party services and open source dependencies are subject to their own security policies and disclosure processes.

Contact

For security-related inquiries: