5. Security and Responsible Disclosure Policy
Last updated: June 4, 2026
WAGMI CLAIMS LLC welcomes good-faith reports of security issues affecting https://victorkurakocom.vercel.app/, https://victorkurako.com, https://trust.victorkurako.com/, or successor domains and subdomains we control. This policy explains how to report issues responsibly.
1. How to report
Submit security reports through the Site’s report center or email security@victorkurako.com with:
- affected URL or asset;
- vulnerability type;
- steps to reproduce;
- impact summary;
- screenshots or logs, if safe to share;
- your contact information; and
- whether you believe any data was accessed.
Do not include passwords, private keys, seed phrases, personal data, confidential third-party data, or data you are not authorized to share.
2. Rules of engagement
You must:
- act in good faith;
- avoid privacy violations and data exposure;
- avoid accessing, modifying, deleting, copying, transmitting, or exfiltrating data that does not belong to you;
- stop testing and report immediately if you encounter non-public data;
- avoid service disruption or degradation;
- avoid attacks against users, employees, vendors, or third parties; and
- comply with all applicable laws.
3. Prohibited testing
Do not perform:
- denial-of-service or resource-exhaustion testing;
- spam, phishing, social engineering, or physical attacks;
- malware deployment;
- credential stuffing or password spraying;
- destructive testing;
- persistence, backdoors, or lateral movement;
- data exfiltration;
- attacks against third-party platforms or service providers;
- public disclosure before we have had a reasonable opportunity to investigate and remediate; or
- testing that violates law or third-party terms.
4. No bounty unless agreed
We do not offer a bug bounty, reward, compensation, employment, public credit, or other benefit unless expressly agreed in writing before testing. Reports are voluntary.
5. Our approach
For good-faith reports that comply with this policy, we intend to:
- acknowledge receipt when practicable;
- investigate and validate the report;
- prioritize remediation based on severity and risk;
- avoid legal action against researchers solely for good-faith testing that complies with this policy; and
- communicate reasonably, subject to legal, security, and business constraints.
This policy does not authorize unlawful conduct, access to third-party systems, access to third-party data, testing against third-party trust centers, testing against companies discussed in Site research, or violation of applicable laws or third-party terms.
6. Public disclosure
Do not publicly disclose a vulnerability or report details until we have confirmed remediation or provided written permission. Coordinated disclosure timelines will be handled case-by-case.
7. Contact
Security reports: security@victorkurako.com Legal contact: viktor.kurako@gmail.com