Security Policy
Last updated: April 19, 2026
Security Policy
webcamcnc ("we," "our," or "us") takes the security of WebCAM CNC and our users seriously. This page describes how we handle vulnerability reports and what you can expect when you contact us.
Supported scope
This policy applies to the web application and related services we operate for WebCAM CNC, including APIs and background processing that we control. Reports should relate to vulnerabilities that could realistically affect the confidentiality, integrity, or availability of user data or our systems.
Out of scope
We generally do not treat the following as in-scope vulnerabilities for this program:
- Denial-of-service against infrastructure without a clear, reproducible flaw in our application layer
- Reports that rely solely on automated scanners without a clear exploit path
- Issues in third-party services or libraries unless they affect our integration in a novel way (we may still forward reports to vendors)
- Social engineering or physical attacks
How to report a vulnerability
Please send reports through support channels listed on our website (for example, the contact or support options we publish for WebCAM CNC). Include:
- A clear description of the issue and affected component or URL
- Steps to reproduce, or a proof of concept where safe to share
- Your assessment of impact, if you can share it
Do not publicly disclose details of a potential vulnerability until we have had a reasonable opportunity to investigate and mitigate. We appreciate coordinated disclosure.
What to expect
- We will acknowledge receipt when we can and aim to keep you informed of meaningful status updates.
- We may ask for additional information to reproduce or validate the issue.
- We do not operate a public bug bounty program; recognition is at our discretion.
Safe harbor
If you make a good-faith effort to avoid privacy violations, destruction of data, or interruption of our services—and you follow this policy—we will not pursue civil or criminal action against you for your research. Do not access data that is not yours, and do not perform testing that could harm other users or systems.
Changes
We may update this Security Policy from time to time. The published "Last updated" date reflects the latest revision.
Related policies
- Privacy Policy — how we handle personal data
- Terms of Service — rules for using the Service