Vulnerability Disclosure Policy

At Blue Banana Software, security and privacy are taken seriously. We welcome reports from security researchers and users who believe they have discovered a vulnerability in the application or related services.

Reporting a Vulnerability

If you believe you have identified a security issue, please report it by email to:

security@inyourface.app

Please include as much information as possible, including:

  • A description of the issue
  • Steps to reproduce the problem
  • The affected platform and version (macOS, iOS, or Windows)
  • Any proof-of-concept code or screenshots
  • Your contact information

Scope

This policy applies to:

  • In Your Face for macOS
  • In Your Face for iOS
  • In Your Face for Windows
  • The In Your Face website
  • Related APIs and services operated by Blue Banana Software

What to Expect

  • Reports will be acknowledged within 3 business days.
  • Valid reports will be investigated promptly.
  • You may be contacted for additional information.
  • Once the issue is confirmed and resolved, you may be notified.

Safe Harbor

If you act in good faith and follow this policy, Blue Banana Software will not initiate legal action against you for your research.

We ask that you:

  • Avoid accessing, modifying, or deleting data that does not belong to you
  • Do not disrupt the availability of the service
  • Do not use social engineering, phishing, or physical attacks
  • Keep information about the vulnerability confidential until it has been addressed

Out of Scope

The following activities are not permitted under this policy:

  • Denial-of-service or resource exhaustion attacks
  • Spam or social engineering
  • Physical security attacks
  • Automated scanning that negatively impacts service availability
  • Testing against third-party services not controlled by Blue Banana Software

Disclosure Process

We request that vulnerabilities are reported privately and not disclosed publicly until a fix has been released or both parties agree that disclosure is appropriate.

Recognition

At this time, no financial rewards or bug bounty payments are offered. However, valid reports are greatly appreciated and may be acknowledged publicly with the reporter’s permission.

Contact

For all security-related inquiries, please contact:

security@inyourface.app