Security Disclosure
Codex Vitae values responsible security research and encourages the private reporting of potential vulnerabilities that may affect the platform.
Coordinated disclosure helps ensure that potential security issues can be investigated and resolved responsibly, protecting both the platform and the individuals who depend on it to preserve their personal digital archives.
Reporting a Vulnerability
Potential security vulnerabilities should be reported directly to the Codex Vitae security team at:
When reporting a potential vulnerability, please include as much of the following information as possible:
- A description of the vulnerability and its potential impact
- The affected URLs, systems, or platform components
- Steps required to reproduce the issue
- Any supporting evidence or proof-of-concept information
Detailed reports help the security team investigate and address issues efficiently. Reports that include clear reproduction steps are especially valuable.
Scope
This disclosure policy applies to systems operated directly by Codex Vitae. This includes:
- codexvitae.life
- codexvitae.cloud
- Official Codex Vitae web applications and services
Systems operated by third-party service providers, including hosting providers, payment processors, and other infrastructure partners, are outside the scope of this policy. Vulnerabilities affecting third-party services should be reported directly to those providers.
Responsible Testing Guidelines
Security research must be conducted in a manner that avoids harm to users, data, or platform infrastructure. Researchers should not:
- Access, download, or modify user data
- Access accounts belonging to other users without authorization
- Intentionally disrupt platform services or degrade system availability
- Perform large-scale automated scanning that could affect system stability
- Conduct social engineering, phishing, or other attacks targeting Codex Vitae users or staff
- Exploit vulnerabilities beyond what is necessary to demonstrate the issue
Testing should remain limited to identifying potential vulnerabilities and reporting them privately through the contact information provided above.
Coordinated Disclosure
Codex Vitae encourages coordinated disclosure. Researchers are asked to report vulnerabilities privately and allow reasonable time for investigation and remediation before any public disclosure.
Coordinated disclosure helps protect users while issues are being investigated and addressed. Premature public disclosure of unresolved vulnerabilities may put users and their personal digital archives at risk.
We appreciate the patience and professionalism of researchers who follow coordinated disclosure practices.
Good Faith Reporting
Codex Vitae does not intend to pursue legal action against individuals who report potential vulnerabilities in good faith and in accordance with this disclosure policy.
Research activities must remain compliant with all applicable laws and must not violate the privacy or rights of Codex Vitae users. Accessing, copying, or modifying user data is not authorized under this policy.
Good faith reporting means acting with the intent to improve platform security, following the guidelines described in this policy, and communicating findings privately through the designated contact channels.
Our Commitment
When a vulnerability report is received, the Codex Vitae security team will:
- Acknowledge receipt of the report
- Investigate the reported issue
- Work toward remediation when the issue is confirmed
- Communicate with the reporter as appropriate during the process
We appreciate the efforts of security researchers who help improve the safety and integrity of the Codex Vitae platform. Responsible disclosure contributes to the protection of the personal digital archives that users entrust to the platform.