Security Research Program
We take security seriously and appreciate responsible disclosure. Help us keep our platform and customers safe.
Report a Vulnerability
Security for Healthy Homes is managed by Carpathian AI. If you've discovered a security vulnerability, please report it to:
security+hhc@carpathian.aiWhat to Include in Your Report
- Description: A clear description of the vulnerability
- Steps to Reproduce: Detailed steps to reproduce the issue
- Impact Assessment: Potential impact and severity
- Proof of Concept: Any proof-of-concept code (if applicable)
- Environment Details: Browser, OS, or other relevant environment information
Our Commitments to You
48-Hour Acknowledgment
We commit to acknowledging receipt of your report within 48 hours.
Regular Updates
We'll provide regular updates on our investigation and remediation progress.
Public Recognition
We'll credit researchers (if desired) once the issue is resolved and disclosed.
Scope
In Scope
- • healthyhomecentral.com (all subdomains)
- • Authentication and authorization flaws
- • SQL injection, XSS, CSRF vulnerabilities
- • Data exposure or privacy issues
- • Server-side security issues
- • Business logic vulnerabilities
Out of Scope
- • Denial of Service (DoS/DDoS) attacks
- • Social engineering attacks
- • Physical security issues
- • Third-party services and applications
- • Spam or social media content
- • Issues requiring physical access
Safe Harbor
We consider security research conducted in accordance with this program to be:
- • Authorized in accordance with the Computer Fraud and Abuse Act (CFAA)
- • Exempt from DMCA restrictions
- • Lawful and we will not pursue civil or criminal action
As long as you follow responsible disclosure practices and don't access, modify, or delete customer data beyond what's necessary to demonstrate the vulnerability.