Security Policy

Overview

The security of our users is a top priority at Pathway. We appreciate the efforts of security researchers and the broader community in helping us maintain high security standards.

Reporting a Vulnerability

If you believe you've discovered a security vulnerability in our extension or website, please report it through our contact form. Select "Security Vulnerability" as the type of report.

Please include the following in your report:

• A clear description of the vulnerability
• Steps to reproduce the issue
• Any supporting materials (screenshots, proof of concept code)

Scope

This security policy applies to:

• The Pathway Chrome extension
• The pathwaychrome.com website
• Any associated APIs or services we operate

Guidelines

When testing for vulnerabilities, please:

• Do not perform testing that could impact other users
• Do not access, modify, or delete data that doesn't belong to you
• Do not perform denial of service testing
• Make a good faith effort to avoid privacy violations and disruptions to others

Our Commitment

When you submit a vulnerability report, we commit to:

• Acknowledge receipt within 48 hours
• Provide regular updates about our progress
• Not take legal action against you if you follow these guidelines
• Work with you to understand and resolve the issue quickly
• Recognize your contribution if you are the first to report a unique vulnerability

Safe Harbor

We consider security research conducted under this policy to be:

• Authorized in accordance with the Computer Fraud and Abuse Act (CFAA)
• Exempt from DMCA prohibitions on circumvention of technological measures that control access to copyrighted works
• Eligible for Safe Harbor under this policy as long as research is conducted in compliance with this policy