Security Policy

Triple Speed Technology takes security reports seriously and appreciates responsible disclosure.

How to Report a Vulnerability

Send reports to security@3speed.tech.

Please include as much detail as possible:

• A clear description of the issue.
• Affected URL, endpoint, or system component.
• Step-by-step reproduction instructions.
• Proof-of-concept details, logs, screenshots, or request/response samples.
• Your name and preferred contact information.

Scope

This policy applies to publicly accessible systems and web properties owned and operated by Triple Speed Technology, including https://3speed.tech.

Safe Testing Expectations

You agree to:

• Avoid privacy violations, data destruction, and service disruption.
• Avoid social engineering, phishing, or physical attacks.
• Avoid accessing, modifying, or deleting data that is not your own.
• Stop testing immediately after confirming a vulnerability and report promptly.

Out of Scope

The following are generally out of scope unless they demonstrate material security impact:

• Denial-of-service (DoS/DDoS) or resource exhaustion testing.
• Spam, social engineering, or clickjacking-only findings.
• Missing best-practice headers without exploitability.
• Vulnerabilities in third-party services outside our control.

Response Process

Our target response times are:

• Acknowledgement within 3 business days.
• Initial triage decision within 10 business days.
• Remediation timeline shared for valid findings based on severity and risk.

We may request additional details during investigation.

Disclosure and Recognition

Please do not publicly disclose vulnerabilities until we confirm remediation or provide written approval.

At this time, Triple Speed Technology does not offer a paid bug bounty program. We may provide non-monetary recognition for valid reports at our discretion.