SyraxOps – Vulnerability Disclosure & Acceptable Use Policy

Purpose

At SyraxOps, security is a core priority. This policy defines clear boundaries for reporting security issues while explicitly stating that no active security testing or scanning is authorized against SyraxOps systems.

SyraxOps does not invite, permit, or consent to vulnerability scanning, probing, enumeration, or testing of any kind. This policy exists solely to provide a responsible channel for reporting accidentally discovered security issues.

📍 Scope

This policy covers syraxops.com and any subdomains operated directly by SyraxOps.

Third-party services (including Cloudflare infrastructure we do not control), embedded content, analytics platforms, hosting providers, or any external systems are out of scope unless explicitly stated in writing.

📬 How to Report a Vulnerability

Please send reports to contact@syraxops.com.

Include the following whenever possible:

• A clear description of the issue
• Steps required to reproduce
• Proof-of-concept (non-destructive if provided)
• Your contact details (optional)

🛡️ Reporting Rules

• Only security issues discovered accidentally during normal browsing may be reported.
• No active testing, scanning, probing, enumeration, or exploitation is permitted.
• Do not access, modify, delete, or exfiltrate data you do not own.
• Do not disrupt availability, performance, or monitoring systems.
• Do not publicly disclose findings under any circumstances.
• All reports must be submitted exclusively via the contact method above.

❌ Prohibited Actions

Security & Abuse

• Any form of automated or manual security scanning or probing.
• Port scanning, directory enumeration, or endpoint discovery.
• High-load, aggressive, or denial-of-service testing.
• Attempts to access private accounts, authentication systems, or restricted data.
• Social engineering, phishing, or impersonation.
• Uploading malware, exploit payloads, backdoors, or persistence mechanisms.
• Attacks targeting Cloudflare, hosting providers, or other third-party infrastructure.

Intellectual Property & Content Use

• Copying, reverse-engineering, or redistributing site source code.
• Replicating or reusing animations, UI components, layouts, or stylistic elements.
• Reproducing branding, design concepts, or custom interactive components.
• Scraping or extracting assets (JavaScript, CSS, images, fonts, animations) for reuse.

Public accessibility or obfuscation does not imply permission to copy or derive works from site assets.

🎉 Recognition

At our discretion, responsible reporters may be acknowledged on a future Hall of Fame page if they request it.

💰 No Bug Bounty

SyraxOps does not operate a paid bug bounty program. Submitting a vulnerability report does not guarantee monetary compensation.

🤝 Our Position

• No security testing is authorized under this policy.
• SyraxOps does not grant safe harbor for scanning, probing, or testing activity.
• Reports resulting from active testing are considered unauthorized.
• Accidentally discovered issues may be reviewed at SyraxOps’ discretion.

⚖ Governing Law

This policy is governed by the laws of Australia. Disputes fall under the applicable local jurisdiction.