VoxDash policies
Responsible Disclosure

Effective Date: Nov 5, 2025

Purpose

VoxDash welcomes reports of potential security vulnerabilities from the research community and the public. We value coordinated disclosure and responsible testing that help protect the integrity of our platform, users, and data. This policy outlines the process for reporting vulnerabilities and describes the benefits you can expect in return. We encourage security researchers to act responsibly and to report any findings directly and privately to VoxDash before making them public.

Scope

This policy applies to:

•All production systems under the voxdash.com domain

•Application subdomains (e.g., app.voxdash.com)

•Public endpoints and APIs offered by VoxDash

It does not cover:

•Third-party integrations or vendor systems (e.g., Stripe, Azure, Twilio); issues in these should be reported directly to those vendors.

•Social-engineering attacks, phishing, or physical security testing

•Denial-of-service, load, or stress testing

•Automated scanning that may affect service availability or performance

Rules for Testing

We ask that you:

•Avoid accessing, modifying, or destroying data that is not your own.

•Stop testing immediately if you encounter user data or confidential information.

•Limit testing to your own accounts and non-production data.

•Do not publicly disclose any information about a vulnerability until VoxDash has confirmed and mitigated it.

•Do not attempt to disrupt or degrade our services.

•Do not use automated scanners that generate excessive traffic.

•Do not execute denial-of-service or stress testing.  

•Do not send spam, phishing, or social-engineering communications.  

•Do not access, modify, or delete customer data.  

•Do not introduce malware or security scanners that degrade service performance.  

•Do not exploit any vulnerability beyond the minimum required to demonstrate risk.  

•Do not exfiltrate, copy, or share confidential information. 

Treat all information obtained during testing as confidential and never share, disclose, or publish it without VoxDash’s written consent. Testing must be performed responsibly and in compliance with applicable laws. Testing that complies with this policy is considered authorized under Canadian and applicable international computer-security laws.

Reporting a Vulnerability

Send your report to [email protected] with the subject line “Reporting a Vulnerability”. 

To help us reproduce and fix the issue quickly, include:

•A clear description of the vulnerability and its potential impact

•Step-by-step instructions or proof of concept

•URLs, parameters, and affected components

•Screenshots or logs (if available)

•Your contact information for follow-up

We encourage you to encrypt sensitive details. Please do not include personal data in vulnerability reports.

Reports we will not respond to:

•Generic scanner output without a working proof of concept.

•Missing security headers or TLS configuration grades.

•Issues limited to outdated browsers or unsupported clients.

•Publicly known or previously reported vulnerabilities.

•Reports unrelated to VoxDash-controlled assets.

Our Commitment

When you report a vulnerability in good faith:

•We will acknowledge receipt.

•We will provide status updates until the issue is resolved.

•We will not pursue legal action for testing that follows this policy.

•We will credit you by name (if desired) in our acknowledgments once remediation is complete.

•We will aim to remediate or mitigate validated vulnerabilities, depending on severity.

We currently do not offer financial rewards or bug bounties, but we recognize and appreciate responsible research contributions publicly when permitted.

Safe Harbor

If your actions are consistent with this policy:

•VoxDash will consider your research authorized and will not initiate legal action.

•If a third party initiates legal action in connection with your research, we will make clear that your actions were conducted under this policy.

To qualify, you must act in good faith and avoid harm to users, systems, and data. Nothing in this policy grants permission to access user accounts or data beyond your own; such activity voids Safe Harbor protection.

Coordinated Disclosure

Please allow VoxDash a reasonable amount of time to verify and remediate reported issues before public disclosure. We may request additional time if a fix requires significant architectural changes or dependency updates. We prefer that researchers coordinate with us directly rather than publishing details independently.

Amendments

VoxDash may revise this policy from time to time. The latest version will always be available at voxdash.com/policies/responsible.

Continued testing or submissions after changes take effect constitute acceptance of the updated terms.

Questions?

For additional information about our security practices, please contact us. 

(Informational overview. The VoxDash Terms of Service remain the binding document. This text may be updated.)