Our Security Practices
Our Commitment to Security
At dubc.io, the security of your data is our highest priority. We are committed to building a secure environment by integrating security into our culture, our development lifecycle, and our business operations. We strive to implement robust security measures to protect your information from unauthorized access, use, or disclosure.
How We Protect Your Data
We employ a multi-layered security strategy to protect our systems and your information. While we cannot disclose all of our security measures for operational reasons, some of the key practices we have in place include:
- Data Encryption: We encrypt your data both in transit using industry-standard Transport Layer Security (TLS) and at rest using advanced encryption standards.
- Secure Development: Our engineering team follows secure software development lifecycle (SDLC) practices. Code is subject to peer review and automated security testing before being deployed.
- Access Control: We enforce the principle of least privilege, meaning employees are only granted the minimum level of access required to perform their jobs. Access to sensitive data is strictly controlled and monitored.
- Monitoring and Auditing: We continuously monitor our systems for suspicious activity and regularly engage independent third-party firms to conduct penetration tests and security audits of our infrastructure.
- Employee Training: All our employees receive ongoing security awareness training to ensure they are equipped to identify and respond to potential threats.
Your Role in Security
While we work hard to protect your account, you also play a vital role in keeping it secure. We encourage you to follow these best practices:
- Use a Strong, Unique Password: Create a password that is long, complex, and not used on any other website or service. We recommend using a trusted password manager to generate and store strong passwords.
- Enable Two-Factor Authentication (2FA): We strongly recommend enabling 2FA for your account. This adds a critical second layer of security by requiring a code from your mobile device in addition to your password.
- Beware of Phishing: Be cautious of unsolicited emails, texts, or messages that ask for your personal information. We will never ask you for your password. Always verify that you are on https://dubc.io before entering your login credentials.
- Keep Your Devices Secure: Ensure that the computer and mobile devices you use to access our services have the latest software updates and are protected by anti-malware software.
For Security Researchers: Vulnerability Disclosure Policy
Reporting a Vulnerability
We value the contributions of the security research community. Please send your detailed findings to: security@dubc.io. For sensitive information, please use our PGP key: PGP Public Key.
Scope
- In-Scope: The primary domain dubc.io and all subdomains *.dubc.io.
- Out-of-Scope: Denial of Service (DoS/DDoS) attacks, social engineering or phishing, and physical attacks.
Safe Harbor
We consider security research conducted under this policy to be authorized and will not initiate legal action against you for it. If a third party initiates legal action against you for research that complies with this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Reporting Guidelines & Our Commitment
Please provide a clear report with steps to reproduce the issue. We are committed to the following:
- We will provide an initial acknowledgment within 3 business days.
- We will triage the submission within 7 business days.
- We will strive to keep you informed of our progress as we work to resolve the issue.
Acknowledgments
For every valid and unique vulnerability report that is resolved, we will offer the reporting individual a place on our Hall of Fame. We will always ask for your permission before publicly crediting you.