GoFamo Responsible Disclosure Policy

Effective Date: 10/23/2025
Last Updated: 11/06/2025

At GoFamo LLC, we take security seriously. Protecting the privacy and integrity of our systems, users, and partners is a top priority. We recognize that responsible security research helps keep the digital ecosystem safe, and we welcome reports of potential vulnerabilities in our products, services, or infrastructure.


1. Purpose

This Responsible Disclosure Policy outlines how security researchers, partners, and members of the public can report vulnerabilities to GoFamo in a safe, lawful, and coordinated manner.


2. Scope

This policy applies to all GoFamo-owned digital assets, including (but not limited to):

  • Domains: gofamo.com, munekas.com, munekita.com, oneinabill.com, and other GoFamo-operated platforms.

  • Applications: Web apps, SaaS tools, and APIs developed or managed by GoFamo.

  • Infrastructure: Servers, databases, and cloud services within GoFamo’s network perimeter.

Note: This policy does not authorize testing on third-party services integrated with GoFamo (e.g., AWS, OpenAI, Stripe, Cloudflare).


3. Our Commitment

When you share a security concern responsibly, we will:

  1. Acknowledge receipt of your report within 3 business days.

  2. Provide an estimated timeline for triage, validation, and remediation.

  3. Keep you informed as progress is made.

  4. Credit your contribution (if desired and permitted).

  5. Never pursue legal action for good-faith, responsible research conducted within scope.


4. Research Guidelines

We ask that you:

  • Do not exploit vulnerabilities beyond what is necessary to prove their existence.

  • Do not access, modify, or delete data that does not belong to you.

  • Do not disrupt or degrade GoFamo services (e.g., through DDoS, spam, or load testing).

  • Do not publicly disclose information about a vulnerability until it has been resolved.

  • Follow applicable laws and industry best practices at all times.

Good-faith security testing typically includes safe methods like:

  • Examining non-sensitive endpoints or publicly accessible assets.

  • Testing with your own accounts and data.

  • Using passive reconnaissance tools that do not harm systems or users.


5. Reporting a Vulnerability

If you believe you have discovered a vulnerability or security risk, please contact us immediately:

📧 Contact Us

Please include:

  • A clear description of the vulnerability and potential impact.

  • Steps to reproduce (URLs, endpoints, sample requests, etc.).

  • Your contact information and any relevant screenshots or logs.

To protect you and others, do not share vulnerability details publicly until we confirm resolution.


6. Out of Scope

The following activities are not permitted under this policy:

  • Social engineering (phishing, pretexting, etc.).

  • Physical security testing of offices or data centers.

  • Denial-of-service (DoS/DDoS) attacks.

  • Spam or brute-force login attempts.

  • Accessing or downloading data belonging to other users.


7. Recognition and Gratitude

We value the contributions of ethical researchers. While GoFamo does not currently offer a formal bounty program, we publicly acknowledge significant findings (with your permission) in our Security Hall of Thanks and may offer other forms of appreciation.


8. Legal Safe Harbor

GoFamo pledges that if you:

  • Act in good faith and within this policy,

  • Do not exploit, exfiltrate, or harm data,

  • Report promptly and privately —

then we will consider your actions authorized and will not pursue or support legal action against you under applicable anti-hacking laws.


9. Confidentiality

We handle all vulnerability reports with strict confidentiality.
Information shared with GoFamo through this policy will only be used for:

  • Evaluating and remediating the issue, and

  • Communicating with the researcher involved.

We never disclose reporter identities without consent.


10. Continuous Improvement

Security is a shared responsibility. We continually evolve this policy to reflect industry standards, new technologies, and lessons learned from the research community.
Updated versions will be posted at gofamo.com/responsibility-disclosure.


11. Contact

GoFamo LLC – Security Team