
Security & Vulnerability Disclosure

If you've found a security issue on AIDiveForge, please tell us before disclosing it publicly. This page sets out what we ask of researchers, what we promise in return, and how to reach our security team.

The short version
  • Report issues to security@aidiveforge.com.
  • Don't access data that doesn't belong to you, don't run DoS attacks, don't social-engineer staff.
  • Give us a reasonable window — 90 days for most issues — before public disclosure.
  • Good-faith research that follows this policy is welcome and won't be pursued legally.

1. Scope

In scope:

  • aidiveforge.com and its subdomains operated by us (e.g. lists.aidiveforge.com, staging.aidiveforge.com, mail.aidiveforge.com).
  • Any first-party API endpoints under /wp-json/adf/.
  • Issues affecting the integrity, confidentiality, or availability of user accounts, the wiki, the moderation pipeline, the newsletter system, or our public dataset.

Out of scope:

  • Third-party services (Anthropic, Google, our hosting provider, our DNS provider, the payment processor we may use). Report those directly to the vendor.
  • Vulnerabilities in open-source software we deploy unmodified (WordPress core, HivePress, etc.). Report those to the project's own security channels; if exploitable on our deployment, also let us know so we can patch.
  • Email spam or phishing using look-alike domains we don't operate.
  • Volumetric denial-of-service findings ("the site goes down under heavy load" is not, by itself, a vulnerability).
  • Missing security headers and weak TLS ciphers without a demonstrated exploit path.
  • Disclosure of public information (e.g. visible WordPress version numbers) without a demonstrated exploit path.
  • UI/UX bugs or theoretical typing/encoding issues without security impact.

2. Rules of engagement

We ask that good-faith researchers:

  • Don't access data that isn't yours. Stop at the point you've demonstrated the issue exists.
  • Don't degrade the Service. No DoS, no resource exhaustion, no destructive payloads.
  • Don't social-engineer staff or users. No phishing, no pretexting.
  • Don't violate privacy. Don't enumerate, exfiltrate, or publish other users' personal data.
  • Don't extort. Threatening public disclosure or media contact to pressure a payment isn't research — it's a separate problem.
  • Give us a reasonable window before disclosing publicly. We aim for fixes within 90 days; complex issues may need longer, and if so we'll tell you where things stand.

3. How to report

Email security@aidiveforge.com. Useful information to include:

  • A clear description of the issue and its potential impact.
  • Steps to reproduce — request bodies, payloads, browser, timestamps.
  • Any proof-of-concept code or screenshots (please don't post them publicly).
  • Whether you'd like to be credited in any post-mortem we publish.

If you'd like to send an encrypted report, ask in the initial mail and we'll exchange PGP keys.

4. What you can expect from us

  • Acknowledgment within 3 business days.
  • Triage assessment within 7 business days, with our initial severity rating and rough remediation timeline.
  • Status updates at least every 14 days until the issue is resolved.
  • Credit in any public post-mortem if you'd like (or pseudonymous credit if you'd prefer).
  • No bounty program at this time. We may send a thank-you gift for impactful reports.

5. Safe-harbor pledge

If you make a good-faith effort to follow this policy when researching and reporting a vulnerability:

  • We will not pursue or support legal action against you for the research or disclosure.
  • We will not report you to law enforcement for activity covered by this policy.
  • If a third party (an outside service provider or upstream platform) takes action against you in connection with your research, we will, where lawful and feasible, advocate for you and make clear that your activity was authorized.

Safe harbor under this policy does not extend to activity outside the rules in §2 (for example, deliberately accessing or exfiltrating user data, or attempting to extort), and does not affect third-party rights or laws beyond our control.

6. security.txt

A machine-readable version of this contact information is published at /.well-known/security.txt, in the format defined by RFC 9116.
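As an added example (not code from AIDiveForge), here is a small offline checker for the RFC 9116 rules a security.txt file has to satisfy before a researcher should trust it: a Contact field that is a mailto:/https:/tel: URI, exactly one Expires timestamp that is in the future and no more than a year out, and Preferred-Languages at most once. The sample file inside the block is constructed; only the Contact address is taken from this page, and the Expires, Canonical and Policy values are assumptions.

```python
"""Offline checker for a security.txt body against the RFC 9116 rules that
matter in practice. Added example; not AIDiveForge's own tooling."""
from datetime import datetime, timedelta, timezone

# Constructed sample. Only the Contact address comes from the policy page;
# Expires, Canonical and Policy are illustrative assumptions.
SAMPLE_SECURITY_TXT = """\
# security.txt for aidiveforge.com (constructed sample)
Contact: mailto:security@aidiveforge.com
Expires: 2026-06-30T00:00:00.000Z
Canonical: https://aidiveforge.com/.well-known/security.txt
Policy: https://aidiveforge.com/legal/security
Preferred-Languages: en
"""

ALLOWED_CONTACT_SCHEMES = ("mailto:", "https:", "tel:")
ALLOWED_URI_PREFIXES = ("https://", "http://", "dns:", "openpgp4fpr:")


def _as_utc(ts):
    """Parse an ISO 8601 timestamp (a trailing 'Z' is accepted) as an aware UTC datetime."""
    when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return when if when.tzinfo else when.replace(tzinfo=timezone.utc)


def parse_security_txt(text):
    """Return ([(field, value), ...], [unparseable lines]).
    Field names are case-insensitive per RFC 9116, so they are lower-cased;
    '#' comment lines and blank lines are dropped."""
    fields, bad_lines = [], []
    for raw in text.splitlines():
        line = raw.rstrip("\r")
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            bad_lines.append(line)
            continue
        fields.append((name.strip().lower(), value.strip()))
    return fields, bad_lines


def check_security_txt(text, now=None):
    """Return a list of problems; an empty list means the file passes.
    `now` may be an aware datetime or an ISO 8601 string (defaults to the current time)."""
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = _as_utc(now)
    fields, bad_lines = parse_security_txt(text)
    problems = [f"unparseable line: {line!r}" for line in bad_lines]
    by_name = {}
    for name, value in fields:
        by_name.setdefault(name, []).append(value)

    # Contact is mandatory; every value must be a URI with a scheme RFC 9116 expects.
    contacts = by_name.get("contact", [])
    if not contacts:
        problems.append("missing mandatory Contact field")
    for c in contacts:
        if not c.lower().startswith(ALLOWED_CONTACT_SCHEMES):
            problems.append(f"Contact is not a mailto:/https:/tel: URI: {c}")

    # Expires is mandatory, appears exactly once, is ISO 8601, lies in the future,
    # and (RFC 9116 recommendation) is less than a year away.
    expires = by_name.get("expires", [])
    if len(expires) != 1:
        problems.append(f"Expires must appear exactly once (found {len(expires)})")
    else:
        try:
            when = _as_utc(expires[0])
        except ValueError:
            problems.append(f"Expires is not ISO 8601: {expires[0]}")
        else:
            if when <= now:
                problems.append("security.txt has expired; treat its contents as stale")
            elif when - now > timedelta(days=365):
                problems.append("Expires is more than a year out; RFC 9116 recommends less")

    # Preferred-Languages may appear at most once.
    if len(by_name.get("preferred-languages", [])) > 1:
        problems.append("Preferred-Languages must not appear more than once")

    # Canonical, Policy and Encryption, when present, must be URIs.
    for name in ("canonical", "policy", "encryption"):
        for v in by_name.get(name, []):
            if not v.lower().startswith(ALLOWED_URI_PREFIXES):
                problems.append(f"{name} value is not a URI: {v}")
    return problems


if __name__ == "__main__":
    for p in check_security_txt(SAMPLE_SECURITY_TXT) or ["OK"]:
        print(p)
```

The Contact check catches the most common real-world mistake, a bare e-mail address instead of a `mailto:` URI, and the Expires check is what tells a researcher whether the published address can still be relied on; a fetched file that fails either should be treated as stale and the policy page consulted instead.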

7. Changes to this policy

We may update this policy when our practices change or based on community feedback. Material changes are reflected in the Effective date above.

8. Contact

Security: security@aidiveforge.com · Abuse (non-security): abuse@aidiveforge.com · Privacy: privacy@aidiveforge.com