
Security Policy

Reporting a Vulnerability

We take security very seriously at OverBlock. If you believe you’ve found a security vulnerability, please report it to us privately.

Do not disclose vulnerabilities publicly or through GitHub issues.

Instead, contact us via email at security@overblock.io.

You should receive an acknowledgment within 48 hours. If you don’t, please follow up to ensure your message was received.

When reporting, include as much detail as possible:

  • Type of issue (e.g., XSS, SQL injection, data exposure)
  • Steps to reproduce
  • Impact assessment
  • Any proof-of-concept code or screenshots
  • Affected environment or API endpoint

We ask that you:

  • Avoid testing in ways that could disrupt our services (for example, load or denial-of-service testing)
  • Not access, modify, or retain customer data; if a test unexpectedly exposes it, stop and report it
  • Keep the details private until a fix has shipped (coordinated disclosure)

What to Expect

After receiving your report, we will:

  1. Confirm receipt within 48 hours
  2. Investigate and validate the issue
  3. Coordinate a fix as soon as possible
  4. Credit you in our advisory (if you wish)

Security Practices

While we do not disclose internal details, we maintain:

  • Regular security reviews and code audits
  • Role-based access control
  • Encrypted data in transit (TLS) and at rest
  • Strict key and secret management
  • 2FA enforced for internal systems
  • Backups and disaster recovery testing

Supported Environments

Security updates are automatically deployed to production environments.
No manual user action is required.
We respect responsible disclosure.
If you find a vulnerability, email security@overblock.io, keep it private, and we’ll fix it quickly.
We follow best practices for encryption, access control, and data protection, though details stay internal.