Security Policy

THEWIZARDSTUDIO is committed to ensuring the security and privacy of our clients and users. We welcome the security research community to help us maintain the highest standards of security.

Vulnerability Disclosure Program

We value the security community and believe that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users. If you discover a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

Reporting a Vulnerability

To report a security vulnerability, please email us at:

Email: support@thewizardstudio.com
Response Time: Initial acknowledgment within 48 hours
Updates: Weekly status updates on your report

What to Include in Your Report

Please provide as much information as possible to help us understand and reproduce the issue:

Type of vulnerability (e.g., XSS, SQL injection, authentication bypass)
Step-by-step instructions to reproduce the issue
Proof-of-concept or exploit code (if applicable)
Impact assessment and potential risks
Any suggested remediation steps
Your contact information for follow-up questions

Program Scope

In Scope:

thewizardstudio.com and all subdomains
Web applications and APIs we operate
Client-facing applications and services
Infrastructure security issues

Out of Scope:

Social engineering attacks
Physical attacks against our offices or staff
Denial of Service (DoS/DDoS) attacks
Spam or social media account takeovers
Third-party services or applications not operated by us
Issues in outdated browsers or platforms

Testing Guidelines

Permitted Testing:

Testing that does not degrade our services
Non-destructive testing methods
Testing against your own test accounts
Automated scanning with reasonable rate limits

Prohibited Activities:

Accessing, modifying, or deleting data that doesn't belong to you
Denial of Service attacks or performance degradation
Spamming or social engineering of staff or clients
Physical or electronic attacks on our infrastructure
Intentional privacy violations or data exfiltration

Response Timeline

Initial Response: Within 48 hours of report submission
Triage: Within 5 business days
Status Updates: Weekly progress reports
Resolution Target: Critical issues within 30 days, others within 90 days
Public Disclosure: Coordinated with researcher after fix is deployed

Safe Harbor

We support safe harbor for security researchers who:

Make a good faith effort to avoid privacy violations and service disruption
Only interact with accounts you own or with explicit permission
Do not exploit a security issue beyond the minimum necessary to demonstrate it
Keep information about vulnerabilities confidential until we've resolved them
Provide us a reasonable time to address issues before public disclosure

In return, we commit to:

Not pursue legal action against researchers who adhere to these guidelines
Work with you to understand and resolve the issue quickly
Recognize your contribution (with your permission)
Keep you informed about our progress in addressing the vulnerability

Recognition

We believe in recognizing security researchers who help us protect our users. With your permission, we may:

Publicly acknowledge your responsible disclosure
List you in our security acknowledgments (coming soon)
Provide a letter of recommendation for your professional portfolio

Our Security Practices

THEWIZARDSTUDIO maintains strong security practices including:

Regular security assessments and code reviews
Encryption of data in transit and at rest
Access controls and authentication mechanisms
Security monitoring and incident response procedures
Regular security training for our team
Compliance with industry standards and best practices

Data Protection & Privacy

We are committed to protecting user data and privacy:

Minimal data collection - only what's necessary for our services
Secure storage and transmission of all sensitive data
Regular audits of data access and usage
Compliance with applicable data protection regulations
Transparent privacy policies and data handling practices

Contact Information

Security Team: support@thewizardstudio.com

General Inquiries: info@thewizardstudio.com

Security.txt: https://thewizardstudio.com/.well-known/security.txt

Policy Updates

Effective Date: October 8, 2025
Last Updated: October 8, 2025
Policy Expiration: June 19, 2028
Review Schedule: Annually or as needed

We reserve the right to modify this policy at any time. Significant changes will be communicated through our website and security.txt file.

Return to Home Contact Us