Security Policy

Responsible Disclosure Policy

Reporting a vulnerability

We take security seriously. If you discover a security vulnerability in Digital Relative, please report it to us responsibly.

Email: security@digitalrelative.co.uk

Please include a clear description of the vulnerability, steps to reproduce it, and any relevant technical details. We will acknowledge your report within 2 business days.

What we ask

• Do not access or modify data belonging to other users
• Do not perform denial of service attacks
• Do not use social engineering against our staff or users
• Give us reasonable time to investigate and fix before public disclosure

What you can expect from us

• Acknowledgement within 2 business days
• Regular updates on our progress
• Credit in our security acknowledgements if you wish
• We will not pursue legal action against researchers acting in good faith

Scope

In scope: digitalrelative.co.uk and all subdomains, the Digital Relative mobile and desktop applications.

Out of scope: Third-party services we use (Stripe, Supabase, Onfido), social engineering, physical attacks.

Digital Relative · Registered in England and Wales