Security Policy

Reporting Security Vulnerabilities

We take security seriously. If you discover a security vulnerability in Kdral, please report it responsibly so we can address it promptly.

Email: ping@kdral.com

Our Commitment

• 48-hour acknowledgment: We will acknowledge your report within 48 hours
• Regular updates: We will keep you informed of our progress
• Credit: We will credit you in our security acknowledgments (unless you prefer to remain anonymous)
• No legal action: We will not pursue legal action against researchers who follow responsible disclosure

Responsible Disclosure Guidelines

To ensure the safety of our users, please:

• Do not publicly disclose the vulnerability until we have addressed it
• Do not access or modify data belonging to other users
• Do not perform actions that could harm our service or users
• Provide sufficient detail for us to reproduce and fix the issue
• Allow reasonable time for us to address the vulnerability before disclosure

Scope

This policy covers:

• Kdral CLI and its components
• kdral.com website and subdomains
• Kdral infrastructure and services

Third-party applications installed through Kdral (Komodo, Ghost, etc.) have their own security policies.

Security Acknowledgments

We thank the following researchers for responsibly disclosing security issues:

No vulnerabilities reported yet. Be the first!

PGP Key

For sensitive communications, you may encrypt your message using our PGP key. Contact ping@kdral.com to request our public key.