1. Scope

We welcome reports of any security vulnerabilities affecting Ocumeda’s services, platforms, and products.

2. Disclosure Policy

We encourage researchers to disclose vulnerabilities to us responsibly, without disclosing them publicly until we’ve had a chance to investigate and remediate the issue. Our goal is to protect our users and systems as efficiently and transparently as possible.

• We will promptly investigate all legitimate reports and work to remediate verified issues.

• Please avoid violating user privacy, destroying data, or disrupting production systems while researching.

• We will not pursue legal action or file complaints for accidental, good-faith policy violations made during vulnerability testing.

• Activities conducted in accordance with this policy are considered “authorized” under applicable computer misuse laws.

3. Safe Harbor

If a third party initiates legal action against you for security research performed in compliance with this policy, we will clarify that your actions were authorized by Ocumeda. We will also not pursue legal action solely for receiving a proof-of-concept demonstrating a vulnerability.

4. Proof of Concept (PoC) Guidelines

• Clearly describe the vulnerability and its potential impact.

• Provide step-by-step reproduction details without exposing sensitive data.

• Limit any exploit testing to avoid harm or broad disruptions.

5. No Bounty

We do not currently offer monetary rewards for reported vulnerabilities, but we greatly appreciate your efforts to help us improve security.

6. Contact

For questions, concerns, or to submit a vulnerability report, email us at: security@ocumeda.com