
Security Policy

Responsible Disclosure Guidelines for ILovePdfDoc

Overview

At ILovePdfDoc, we take security seriously and appreciate the work of security researchers who help identify and responsibly disclose vulnerabilities in our platform. This policy outlines our expectations and process for responsible vulnerability disclosure.

How to Report a Vulnerability

If you discover a security vulnerability in ILovePdfDoc, please report it to us directly at:

security@ilovepdfdoc.com

Please do not disclose the vulnerability publicly until we have had a reasonable opportunity to address it.

What We Expect

  • Do: Provide a clear and detailed description of the vulnerability, including steps to reproduce it
  • Do: Include a screenshot or video proof-of-concept if applicable
  • Do: Report one vulnerability per email
  • Do: Give us a reasonable time (minimum 90 days) to fix vulnerabilities before public disclosure
  • Do: Test thoroughly before reporting, using only test accounts

What We Won't Take Action On

We will not accept reports for:

  • User error: Issues resulting from misconfiguration or user mistakes
  • Third-party vulnerabilities: Vulnerabilities in libraries or services we depend on (report those to the vendor directly)
  • Automated scanning: Generic reports from automated vulnerability scanners without proof of actual exploitation
  • Social engineering: Phishing, spam, or social engineering attacks
  • DoS/DDoS: Denial-of-service or brute-force attempts without permission
  • Credentials: Accidentally submitted credentials or API keys (we appreciate you letting us know privately)
  • Missing security headers: Missing HTTP security headers alone (unless accompanied by concrete exploitation)
  • Best practices: Suggestions for security hardening that don't constitute actual vulnerabilities

Our Commitment

  • We will acknowledge receipt of your report within 48 hours
  • We will investigate the vulnerability and provide updates every 7 days at minimum
  • We will work toward fixing confirmed vulnerabilities and releasing patches as soon as possible
  • We will provide credit to security researchers who report valid vulnerabilities (unless you prefer anonymity)
  • We will not take legal action against researchers acting in good faith under this policy

In-Scope

This policy applies to:

  • ilovepdfdoc.com and all subdomains
  • Our API endpoints
  • Our web application and server infrastructure
  • Authentication and authorization mechanisms
  • Data handling and encryption practices

Out of Scope

  • Third-party websites or services
  • Physical security
  • Social engineering of employees
  • Brute-force attacks without prior authorization
  • Testing on production systems without permission

Contact

For security concerns, please email:

security@ilovepdfdoc.com

Do not include sensitive information in public issues or discussions.

Thank you for helping keep ILovePdfDoc and our users safe. We appreciate your responsible disclosure and commitment to security.

Last updated: March 2026