Last updated: 30/03/2025
Vulnerability Disclosure Program (VDP)
At Draft Alpha, our products are built with a customer-first approach, embedding the three core pillars of cybersecurity - integrity, confidentiality and availability - to safeguard sensitive data and uphold customer trust at every level. We recognize the valuable role that security researchers play in helping us maintain these pillars by identifying and reporting vulnerabilities. If you discover a security issue, we encourage you to report it to us responsibly.
Our Security Pillars
- 🔒 Confidentiality: We implement robust access controls, encryption, and secure data storage practices to protect sensitive information
- ⚡ Availability: We maintain redundant systems, backup strategies, and disaster recovery plans to ensure consistent service uptime
- ✅ Integrity: We enforce robust authentication, authorization, and data validation processes to maintain data accuracy and trustworthiness
How to Report a Vulnerability
If you believe you have found a security vulnerability in our platform, please report it by emailing us at:
📧 security@draftalpha.com
When submitting a report, please include:
- A detailed description of the vulnerability, including the potential impact
- Steps to reproduce the issue
- Any relevant screenshots, proof-of-concept code, or logs
Responsible Disclosure Guidelines
We ask that you:
- ✅ Act in good faith and avoid privacy violations, data destruction, or service disruption
- ✅ Allow us a reasonable time to investigate and resolve the issue before publicly disclosing it
- ✅ Comply with all applicable laws and regulations
Our Commitment
- We will acknowledge receipt of your report within 2 business days
- We will investigate the issue and provide updates on our progress
- If applicable, we will credit you for your responsible disclosure (subject to our policy)
Scope of the Program
✅ In Scope:
Security vulnerabilities in Draft Alpha's web application, APIs, and services
❌ Out of Scope:
- Social engineering, phishing, or physical security attacks
- Denial-of-service (DoS) attacks
- Reports related to outdated software without a working proof-of-concept exploit
We appreciate the efforts of security researchers in helping us keep Draft Alpha secure. If you have any questions, feel free to reach out at security@draftalpha.com.