Responsible Disclosure Policy

Effective Date: 8 April 2026 · Last Updated: 8 April 2026

At MaidHive, we take the security of our platform and user data seriously.

We welcome responsible security research and encourage individuals to report potential vulnerabilities in a manner that protects our users and the integrity of the platform.

This Responsible Disclosure Policy outlines how vulnerabilities should be reported and how MaidHive will respond to such reports.

Scope

This policy applies to vulnerabilities affecting the following systems operated by MaidHive:

The MaidHive website and web application
User authentication and account access
Booking workflows and booking state management
Messaging systems
Payment-related flows (including Stripe integrations)
APIs and backend services operated by MaidHive

The following are out of scope:

Third-party services not controlled by MaidHive (e.g. Stripe, hosting providers)
Issues requiring access to third-party infrastructure

Vulnerabilities affecting third-party services should be reported directly to the relevant provider.

How to Report a Vulnerability

If you discover a potential vulnerability, please report it to:

security@maidhive.app

Please include:

A clear description of the vulnerability
Steps required to reproduce the issue
Any supporting evidence (screenshots, logs, or proof-of-concept)
The potential impact of the vulnerability

Providing detailed information will help us investigate and resolve the issue more efficiently.

Responsible Testing Guidelines

When conducting security research, you agree to:

Act in good faith and avoid exploiting vulnerabilities beyond what is necessary to demonstrate the issue
Avoid accessing, modifying, or deleting data that does not belong to you
Avoid actions that could negatively impact platform availability (e.g. denial-of-service attacks)
Not attempt social engineering, phishing, or physical security testing
Not publicly disclose the vulnerability until MaidHive has had a reasonable opportunity to investigate and resolve the issue

If your testing involves exposure to personal data, you must stop testing immediately and report the issue.

Our Commitment

If you report a vulnerability in accordance with this policy:

We will acknowledge receipt of your report
We will investigate the issue in a timely manner
We will keep you informed of progress where appropriate
We will take reasonable steps to resolve confirmed vulnerabilities

MaidHive will not pursue legal action against individuals who act in good faith, comply with this policy, and do not violate applicable laws.

This protection applies only to activities conducted within the scope and guidelines of this policy.

We aim to resolve confirmed vulnerabilities within a reasonable timeframe, taking into account the complexity and potential impact of the issue.

Exclusions

The following are generally not considered valid security vulnerabilities:

Spam, phishing, or social engineering campaigns
Issues requiring physical access to a user’s device
Missing best-practice configurations without a demonstrated exploit
Rate limiting or brute force concerns without clear evidence of impact
Issues affecting third-party platforms not controlled by MaidHive

No Bug Bounty Program

MaidHive does not currently operate a public bug bounty program.

Submission of a vulnerability report does not entitle the reporter to financial compensation unless explicitly agreed in writing.

MaidHive may, at its discretion, acknowledge or thank individuals who report valid vulnerabilities.

Legal Notice

This policy does not grant any rights or authorisation to:

Access data without authorisation
Perform testing outside the defined scope
Violate applicable laws or regulations

Any activities that breach this policy or applicable laws may result in legal action.

Contact

For all security-related matters, please contact:

Email: security@maidhive.app