SECURITY POLICY

We take security seriously. If you discover a vulnerability in Ordo Daily, please report it to us responsibly.

Reporting a Vulnerability

Email ordodailyco@gmail.com with a clear description, reproduction steps, and any supporting material. Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate.

Scope

In scope: ordodaily.com, the Ordo Daily web app, and any official subdomains we operate. Out of scope: third-party services we integrate with (report those to their respective vendors).

Safe Harbor

If you make a good-faith effort to comply with this policy during your research, we will not pursue legal action against you for that research.

What We Use

HTTPS everywhere, Row Level Security on all user data, encrypted credentials, no service-role keys in client code, and audited authentication.

Questions? Email ordodailyco@gmail.com