I will investigate legitimate reports and make every effort to quickly resolve any vulnerability. Please make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of my services.
I will not pursue civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy. I consider activities conducted consistent with this policy to constitute "authorized" conduct under the Computer Fraud and Abuse Act. I will not bring a DMCA claim against you for circumventing the technological measures I have used to protect the applications in scope of this program.
If legal action is initiated by a third party against you and you have complied with this security policy, I will take steps to make it known that your actions were conducted in compliance with this policy.
It is also important to note, I will not take legal action against you simply for providing me with a proof of concept of the security vulnerability.

In your report, please include details of:
1. The website, IP or page where the vulnerability exists.
2. A brief description of the type of vulnerability, for example, "XSS vulnerability".
3. The steps required to reproduce. These should be benign, non-destructive, proof of concept. It helps to ensure Beds for Kids can triage the report quickly and accurately. It also reduces the likelihood of duplicate reporting of vulnerabilities or malicious exploitation of some vulnerabilities.

Please direct your report to jeamigh [a t] bedsforkids [d o t] org.

If your submission contains sensitive information, please encrypt using the PGP public key located at: https://bedsforkids.org/sec/jeamigh.asc

If you have any questions or concerns about about my disclosure policy, please do not hesitate to contact me via email (jeamigh [a t] bedsforkids [d o t] org).