Responsible Disclosure Policy
Last Updated: July 2026
Dreamwriter takes the security of its systems, products, and customer data seriously. We value the efforts of security researchers and members of the public who responsibly report potential security vulnerabilities.
Reporting a Vulnerability
If you believe you have identified a security vulnerability affecting Dreamwriter, please report it to support@dreamwriter.ai.
Please include, where possible:
- A description of the suspected vulnerability
- The affected product, service, URL, or endpoint
- Steps required to reproduce the issue
- Screenshots, logs, or proof-of-concept information
- The potential impact of the vulnerability
- Your contact information, if you would like a response
Please do not include customer data, personal information, credentials, or other sensitive data unless specifically requested by Dreamwriter through an approved secure communication channel.
Responsible Research Guidelines
When investigating or reporting a potential vulnerability, please:
- Make a good-faith effort to avoid accessing, modifying, downloading, or deleting data belonging to Dreamwriter, its customers, or other users
- Avoid disrupting Dreamwriter's services or availability
- Do not perform denial-of-service testing, social engineering, phishing, physical security testing, or testing involving third-party systems
- Do not use automated tools that generate excessive traffic
- Stop testing and notify us immediately if you encounter customer data, personal information, credentials, or other confidential information
- Allow Dreamwriter a reasonable opportunity to investigate and address the issue before publicly disclosing it
Our Commitment
Dreamwriter will review reports submitted in good faith and will make reasonable efforts to:
- Acknowledge receipt of the report
- Investigate and validate the reported issue
- Keep the reporter informed when appropriate
- Remediate validated vulnerabilities based on their severity and risk
Dreamwriter does not currently operate a public bug bounty program and does not guarantee compensation for submitted reports.
We ask that researchers comply with applicable laws and this policy. Dreamwriter will not pursue legal action against individuals who conduct good-faith security research in accordance with this policy.
Scope
This policy applies to Dreamwriter-owned products, applications, websites, and infrastructure.
Third-party services, customer-managed environments, and systems not owned or controlled by Dreamwriter are outside the scope of this policy.