Responsible Disclosure

Last Updated: March 6, 2026

At GooshCloud, the security and privacy of our users and customers are extremely important to us. We welcome reports from security researchers and the community to help identify vulnerabilities in our systems.

This Responsible Disclosure Policy outlines how to report security issues and how we handle vulnerability reports.

1. Scope

This policy applies to security vulnerabilities found in systems and services owned or operated by GooshCloud, including:

• GooshCloud websites and web applications
  
  

• GooshCloud APIs
  
  

• Cloud platform infrastructure
  
  

• Customer dashboards and management portals
  
  

• Official GooshCloud mobile or desktop applications
  
  

If you are unsure whether a system is in scope, please contact us before testing.

2. How to Report a Vulnerability

If you discover a security vulnerability, please report it as soon as possible:

• by emailing: [email protected] 

• trough our ticketsystem: https://servicedesk.gooshcloud.com/support/home 

Please include the following information:

• A clear description of the vulnerability

• Steps required to reproduce the issue

• Proof-of-concept code or screenshots (if available)

• The potential impact of the vulnerability

• Your contact information for follow-up

Providing detailed reports helps us resolve issues faster.

3. Responsible Testing Guidelines

When conducting security research, please:

• Act in good faith and avoid violating user privacy
  
  

• Do not access or modify other users’ data
  
  

• Do not disrupt services (e.g., DDoS attacks)
  
  

• Do not exploit vulnerabilities beyond proof-of-concept
  
  

• Do not perform automated large-scale scanning that could impact system performance
  
  

Testing must not negatively affect GooshCloud services or users.

4. Disclosure Process

Once we receive your report:

1. We will acknowledge receipt of your report within 3–5 business days.
   
   

2. Our security team will investigate the issue.
   
   

3. We will work to fix verified vulnerabilities as quickly as possible.
   
   

4. We may contact you for additional information during the investigation.
   
   

5. Once resolved, we may coordinate a public disclosure if appropriate.
   
   

We ask that researchers do not publicly disclose vulnerabilities until we have had a reasonable opportunity to resolve the issue.

5. Safe Harbor

If you follow this Responsible Disclosure Policy:

• We will consider your research authorized
  
  

• We will not pursue legal action related to your report
  
  

• We will work with you to understand and resolve the issue
  
  

This safe harbor applies only to actions performed in good faith and within the scope of this policy.

6. Recognition

We appreciate the contributions of security researchers. With your permission, we may credit your contribution in security advisories.

7. Out-of-Scope Activities

The following activities are not permitted under this policy:

• Social engineering attacks
• Phishing campaigns
• Physical security attacks
• Spam or automated abuse
• Denial-of-service attacks
• Accessing accounts or data without permission
• Improper use of AI technology

8. Contact

For all security-related concerns, please contact:

GooshCloud Security Team
[email protected]

If you believe a vulnerability poses an immediate risk, please mark your email as URGENT. We appreciate your efforts in helping keep GooshCloud secure for everyone.