Security
Your Security and Privacy Are Paramount to Us at Lioness
Lioness is constantly working to improve our apps, services and products for a better and safer experience. We see this as core to our users feeling safe, secure, and confident in exploring their sexual wellness, which is the ultimate mission of our company.
We are committed to working with security researchers and the community to verify, reproduce, and respond to reported vulnerabilities.
Scope
Vulnerabilities in all Lioness apps and Lioness-owned domains are covered under this program.
Specifically: *.lioness.io
Rules of Engagement and Exceptions
Any activity that would disrupt, damage or adversely affect any third-party data or account is not allowed. Please do not mass create accounts to perform testing against Lioness applications and services. Also, do not perform brute force testing to determine whether rate limiting is in place for particular APIs or pieces of functionality.
Do not publicly disclose any vulnerabilities before you have informed us and received a reply from us stating when it will be fixed. Do not publicly disclose any user information or data, even after the bug has been fixed.
The following are strictly prohibited:
- Denial of Service attacks.
- Physical attacks against offices and data centers.
- Social engineering of our service desk, employees or contractors.
- Compromise of Lioness user or employee accounts.
- Automated tools or scans, botnets, compromised sites, end-clients, or any other means of large-scale automated exploitation, or use of any tool that generates a significant volume of traffic.
Reporting
If you have discovered a security vulnerability, please email security@lioness.io.
We will respond as quickly as possible to your submission. Please include:
- A summary of the problem
- A sequence of steps that can be used to reproduce the problem
We will diligently investigate the details of the issue and will work with you to understand the scope of the issue presented. We will keep you updated as we work to fix the bug you submitted.
Although we strive to respond as quickly as possible to all disclosures, please understand that we may be short-staffed on weekends and major holidays, and it may take longer for us to investigate.
Acknowledgements
We value the contributions of security researchers in improving the security of our products and service offerings. We do not have a bounty/cash reward program for vulnerability disclosures. At our sole discretion, we may give you a reward if we deem the vulnerability critical. To express our gratitude for your contribution, we will acknowledge it on our website. Please let us know if you prefer to remain anonymous.
Wall of Thanks:
- Gaurang Maheta - for pointing out the outdated jQuery 1.12.4 on the lioness.io website on 2024-05-04. It was found to come from Shopify's deprecated Product Reviews app and has been fixed.