Responsible Disclosure

Updated Date: Dec 10, 2025

1. Introduction

At WhizzC, the security and privacy of our customers are our top priorities. We value the contributions of the security community in identifying vulnerabilities in our platform and believe that responsible disclosure is key to maintaining the integrity and trustworthiness of our compliance software. If you have discovered a potential security issue, we appreciate your assistance in disclosing it to us responsibly.

2. Reporting a Vulnerability

If you believe you have found a security vulnerability in WhizzC, please report it to us by following these guidelines:


  1. Contact Us: Send your findings to us at vc@whizzc.com. Please include a detailed description of the vulnerability, steps to reproduce it, and any relevant evidence (e.g., screenshots, logs).

  2. Provide Detailed Information: Clearly outline the nature of the vulnerability and the potential impact. The more detailed your report, the easier it will be for us to understand and address the issue.

  3. Avoid Public Disclosure: Do not publicly disclose the vulnerability until we have had a reasonable opportunity to investigate and address it. We will work with you to understand the issue and provide updates on our progress.

3. Our Commitment

When you report a vulnerability to us, we commit to:


  • Acknowledging receipt of your report promptly.

  • Keeping you informed of the progress as we investigate and mitigate the issue.

  • Addressing the vulnerability as quickly as possible.

  • Providing you with recognition for your contribution if desired.

4. Scope

This policy applies to any security vulnerabilities you are considering reporting to us, including but not limited to:


  • Web application vulnerabilities

  • API vulnerabilities

  • Data leakage issues

  • Authentication and authorization flaws

  • Security misconfigurations

5. Out of Scope

Please note that the following issues are generally considered out of scope:

  • Denial of Service (DoS) attacks

  • Physical security vulnerabilities

  • Social engineering attacks

  • Spam or phishing emails

6. Recognition

We appreciate the efforts of the security community and believe in recognizing your contributions. If you responsibly disclose a vulnerability, we would be happy to acknowledge your efforts on our website, subject to your consent.

If you have any questions or need further clarification, please do not hesitate to contact us at vc@whizzc.com