Last Updated: 11/21/2025
Summary
At Impact Laboratories and My Green Lab, we are committed to maintaining the security and privacy of our systems and customers. We encourage security researchers and ethical hackers to responsibly report vulnerabilities to help us improve our security posture.
Scope
This policy applies to:
- Web applications, APIs, and systems owned by My Green Lab.
- Reporting vulnerabilities without causing harm or disruption to services.
- Excluding social engineering, physical security, and DDoS attacks.
Reporting Policy
This policy details the steps to implement responsible reporting to the organization of security vulnerabilities by security researchers.
Reporting Process
If you identify a security vulnerability, please follow these steps:
- Submit a detailed report via our official disclosure channel: security@mygreenlab.org
- Provide clear reproduction steps and any potential impact assessment.
- Avoid accessing, modifying, or destroying data belonging to others.
Response & Remediation
- We will acknowledge your submission within 72 hours.
- Our security team will triage, validate, and remediate the issue as necessary.
- We will update you on progress while maintaining confidentiality.
Recognition & Safe Harbor
- We appreciate responsible disclosures but are unable to offer certificates, bounties, public acknowledgments, or other forms of recognition.
- My Green Lab will not pursue legal action against researchers who act in good faith and comply with this policy.
Public Disclosure Restrictions
To maintain the security and privacy of our systems and users, all communications related to security research—including the fact that a report was submitted—must remain confidential. As a matter of policy we request that researchers do not reference or allude to their participation in our responsible disclosure process (including anonymized mentions or general statements).
Contact Us
For inquiries or to report a vulnerability, reach out to: security@mygreenlab.org