Uhpenry
Security Policies

Vulnerability Disclosure Policy

Sets forth the terms, conditions, and procedures for reporting potential security vulnerabilities affecting Uhpenry systems, applications, and infrastructure.

1. Purpose

Uhpenry (“the Platform”) is committed to maintaining the confidentiality, integrity, and availability of its systems, applications, and infrastructure.
This Vulnerability Disclosure Policy (“Policy”) establishes the authorized process for reporting suspected security vulnerabilities, the scope of valid testing, and the protections afforded to individuals who act in good faith under this Policy.


2. Scope

2.1 This Policy applies to:

  • Uhpenry-operated web applications, APIs, and booth tools within the *.uhpenry.com domain.

  • GitHub-integrated project workflows and related repository automation.

  • Public or authenticated endpoints and services used by Uhpenry.

  • Marketplace logic, access control mechanisms, transactional flows, and associated infrastructure.

2.2 Systems, services, or environments not expressly listed above are out of scope and may not be tested without prior written authorization.


3. Authorized Testing and Reporting

3.1 Reports must be submitted confidentially to:
support@uhpenry.com

3.2 Each report should include:

  • A clear description of the vulnerability.

  • Steps to reproduce the issue in detail.

  • Relevant logs, screenshots, or proof-of-concept code.

  • Optional contact information for follow-up.

3.3 By submitting a report, you represent that you have not:

  • Accessed, modified, or destroyed data belonging to Uhpenry or its users.

  • Shared, sold, or otherwise disclosed the vulnerability to any third party prior to Uhpenry's written confirmation of remediation.

  • Engaged in testing that violates applicable law.


4. Uhpenry Commitments

Upon receipt of a valid vulnerability report, Uhpenry will:

  1. Acknowledge receipt within three (3) business days.
  2. Classify the vulnerability according to severity and potential impact.
  3. Provide status updates at reasonable intervals.
  4. Notify the reporter upon resolution and, where applicable, credit the reporter (with consent) in Uhpenry's public acknowledgments.

5. Rules of Engagement

5.1 Permitted activities under this Policy include:

  • Testing only within the scope defined in Section 2.

  • Using proof-of-concept methods that do not cause harm, service degradation, or data loss.

5.2 Prohibited activities include:

  • Exploiting a vulnerability beyond proof-of-concept.

  • Using automated tools to perform denial-of-service, brute-force, or resource-exhaustion attacks.

  • Conducting social engineering or phishing against Uhpenry staff, users, or third parties.

  • Targeting systems outside of defined scope.


6. Safe Harbor

6.1 If you comply fully with this Policy, Uhpenry will not initiate legal action against you for security testing activities conducted in good faith.
6.2 This commitment does not extend to actions that are reckless, malicious, or in violation of applicable laws.


7. Exclusions from Scope

Reports related to the following will be considered out of scope:

  • Clickjacking on non-sensitive pages.
  • Vulnerabilities in outdated browsers, plugins, or operating systems.
  • Issues that require already-compromised, high-privilege accounts without a viable privilege escalation path.
  • Rate-limiting or brute-force issues on non-authentication endpoints.

8. Rewards and Recognition

Uhpenry does not currently offer monetary rewards for vulnerability reports.
However, at Uhpenry's sole discretion, contributors may be recognized in a Hall of Thanks, receive booth perks, or earn platform badges.


9. Policy Updates

Uhpenry may modify or update this Policy at any time.
Updated versions will be posted on the Platform's legal policies page and will become effective immediately upon publication.


Contact:
support@uhpenry.com
Subject line: “Vulnerability Disclosure Report”