Security Policy

Last updated: December 2025

Our Security Commitment

At FixItFast.NYC, security is a top priority. We are committed to protecting our customers' data and maintaining the integrity of our systems. This policy outlines our security practices and provides guidance for reporting security vulnerabilities.

Security Measures

TLS 1.3 Encryption

All data transmitted over HTTPS with modern encryption

PCI-DSS Compliance

Payment processing through Stripe, a PCI Level 1 provider

Regular Security Audits

Continuous monitoring and vulnerability assessments

Access Controls

Role-based access with principle of least privilege

Data Encryption

Sensitive data encrypted at rest and in transit

Security Headers

CSP, HSTS, X-Frame-Options, and other protections

Responsible Disclosure

We encourage security researchers to responsibly disclose any vulnerabilities they discover. If you believe you've found a security issue, please report it to us privately.

What to Include

  • Detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Your contact information for follow-up
  • Any proof-of-concept code (if applicable)

Our Commitment

  • Acknowledge receipt within 48 hours
  • Provide regular updates on our progress
  • Not pursue legal action for good-faith research
  • Credit researchers who follow responsible disclosure
  • Fix critical vulnerabilities within 90 days

Scope

The following are in scope for security research:

  • fixitfast.nyc and all subdomains
  • Our web application and APIs
  • Authentication and authorization systems
  • Data handling and storage

Out of Scope

  • Physical security testing
  • Social engineering attacks
  • Denial of Service (DoS) attacks
  • Third-party services (Stripe, Google Maps, etc.)
  • Automated scanning without prior approval

Incident Response

In the event of a security incident:

  1. We will investigate and contain the incident immediately
  2. Affected users will be notified within 72 hours as required by law
  3. Relevant authorities will be notified if required
  4. We will provide a post-incident report and remediation steps

Contact

For general security questions, please contact security@fixitfast.nyc. For urgent security matters, include "URGENT" in your subject line.