Responsible Disclosure Policy

Home | Responsible Disclosure Policy

Responsible Disclosure Policy

Effective Date: June 2, 2025

TAWCKS WORLD is committed to ensuring the security of our digital assets, products, and services. We value the contributions of ethical security researchers and members of the public who help us identify and fix vulnerabilities.

1. Purpose

The purpose of this policy is to provide clear guidelines for security researchers who wish to report potential vulnerabilities responsibly, and to outline how TAWCKS WORLD will respond.

2. Scope

This policy applies to vulnerabilities discovered in:

  • Any public-facing website or service owned or operated by TAWCKS WORLD
  • Any applications, platforms, or systems developed or maintained by TAWCKS WORLD

3. Guidelines for Responsible Disclosure

We request that security researchers:

  • Act in good faith to avoid privacy violations, data destruction, or service disruption
  • Provide detailed information to help us reproduce and fix the issue
  • Avoid accessing or modifying data that is not your own
  • Do not publicly disclose vulnerabilities without our express permission

4. What to Include in Your Report

To help us understand and resolve the issue quickly, please include:

  • A clear description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • URLs, screenshots, sample scripts or code (if applicable)
  • Your contact details for follow-up

5. How to Report a Vulnerability

Please report potential security issues to:
Email: connect@tawcks.world

We will acknowledge your report within 7 business days and strive to provide regular updates during the remediation process.

6. What You Can Expect from Us

  • Prompt acknowledgment of your report
  • Investigation and remediation as quickly as possible
  • No legal action for responsible disclosure conducted in good faith
  • Credit (if desired and applicable) in public advisories

7. Exclusions

The following are generally considered out of scope:

  • Social engineering or phishing attempts
  • Physical security vulnerabilities
  • Distributed Denial-of-Service (DDoS) attacks
  • Automated scanning or brute-force tools
  • Issues in third-party systems not controlled by TAWCKS WORLD

8. Legal Safe Harbor

If you act in accordance with this policy and in good faith, your research activities will be considered authorized. We will not initiate legal action against lawful disclosures submitted through proper channels.

9. Updates to This Policy

We may update this policy periodically. Please refer to this page for the latest version. Significant changes will be highlighted.

10. Contact Us

TAWCKS WORLD PTY. LTD.
Lyndhurst, Melbourne, Victoria
Email: connect@tawcks.world
Phone: +61 452 604 422