Victor Kurako

5. Security and Responsible Disclosure Policy

Last updated: June 4, 2026

WAGMI CLAIMS LLC welcomes good-faith reports of security issues affecting https://victorkurakocom.vercel.app/, https://victorkurako.com, https://trust.victorkurako.com/, or successor domains and subdomains we control. This policy explains how to report issues responsibly.

1. How to report

Submit security reports through the Site’s report center or email security@victorkurako.com with:

  • affected URL or asset;
  • vulnerability type;
  • steps to reproduce;
  • impact summary;
  • screenshots or logs, if safe to share;
  • your contact information; and
  • whether you believe any data was accessed.

Do not include passwords, private keys, seed phrases, personal data, confidential third-party data, or data you are not authorized to share.

2. Rules of engagement

You must:

  • act in good faith;
  • avoid privacy violations and data exposure;
  • avoid accessing, modifying, deleting, copying, transmitting, or exfiltrating data that does not belong to you;
  • stop testing and report immediately if you encounter non-public data;
  • avoid service disruption or degradation;
  • avoid attacks against users, employees, vendors, or third parties; and
  • comply with all applicable laws.

3. Prohibited testing

Do not perform:

  • denial-of-service or resource-exhaustion testing;
  • spam, phishing, social engineering, or physical attacks;
  • malware deployment;
  • credential stuffing or password spraying;
  • destructive testing;
  • persistence, backdoors, or lateral movement;
  • data exfiltration;
  • attacks against third-party platforms or service providers;
  • public disclosure before we have had a reasonable opportunity to investigate and remediate; or
  • testing that violates law or third-party terms.

4. No bounty unless agreed

We do not offer a bug bounty, reward, compensation, employment, public credit, or other benefit unless expressly agreed in writing before testing. Reports are voluntary.

5. Our approach

For good-faith reports that comply with this policy, we intend to:

  • acknowledge receipt when practicable;
  • investigate and validate the report;
  • prioritize remediation based on severity and risk;
  • avoid legal action against researchers solely for good-faith testing that complies with this policy; and
  • communicate reasonably, subject to legal, security, and business constraints.

This policy does not authorize unlawful conduct, access to third-party systems, access to third-party data, testing against third-party trust centers, testing against companies discussed in Site research, or violation of applicable laws or third-party terms.

6. Public disclosure

Do not publicly disclose a vulnerability or report details until we have confirmed remediation or provided written permission. Coordinated disclosure timelines will be handled case-by-case.

7. Contact

Security reports: security@victorkurako.com Legal contact: viktor.kurako@gmail.com