Vulnerability Disclosure Policy

Hair Wellness Lab takes the security of our platform seriously. We welcome responsible disclosure of security vulnerabilities from the security research community and our users.

This policy applies to security vulnerabilities found in:

• The Hair Wellness Lab web application at hairwellnesslab.com
• Our APIs and backend services
• Authentication and session management
• Data handling and storage

Please report security vulnerabilities by emailing hello@hairwellnesslab.com with the subject line “Security Vulnerability Report.”

In your report, please include:

• A description of the vulnerability and its potential impact.
• Steps to reproduce the issue.
• Any supporting evidence (screenshots, logs, proof of concept).
• Your contact information for follow-up.

• Do not access, modify, or delete other users' data.
• Do not perform actions that could degrade service availability.
• Do not publicly disclose the vulnerability before we have had a reasonable opportunity to address it.
• Act in good faith to avoid privacy violations and disruption to our users.

We will acknowledge receipt of your report within 3 business days. We will provide an initial assessment within 10 business days. We will keep you informed of our progress toward resolving the issue.

We will not pursue legal action against individuals who report vulnerabilities in good faith and in accordance with this policy. We consider security research conducted under this policy to be authorized.

Security inquiries: hello@hairwellnesslab.com