Security Policy This document serves as an outline of Lunar Network's security policies and practices concerning any products, services, websites, applications, or domains under its control, ownership, or management. Definition "Lunar Network Services" encompasses any products, services, websites, applications, or domains under the control, ownership, or management of Lunar Network. Permission for Security Testing To conduct security testing on Lunar Network Services, prior consent from the Head of Development (contact: luna.alfien@lunarwebsite.ca) is mandatory. Implicit permission is not granted. Exceptions: - Security testing and research are permitted for the "Lunar Website" Lunar Network Service, exclusively within the following domains: - https://*.lunarwebsite.ca/* - http://*.lunarwebsite.ca/* These permissions are designed to uphold customer privacy, ensure that testing is conducted with informed consent, and offer comprehensive assistance to security researchers, including guidance on testing procedures, any necessary restrictions or limitations on testing scope, and additional contact details for ongoing communication. Security Incident Response In the event of a security incident, Lunar Network commits to undertake the following response actions: 1. Notification: All affected individuals will be promptly informed of the incident, including details of any compromised or exposed data. 2. Resolution: Proactive measures will be taken to address and resolve the incident within a strict timeframe of 48 hours. 3. Notification to Researcher: The security researcher will be notified within 24 hours after the successful resolution of the incident. This proactive approach highlights Lunar Network's commitment to risk mitigation and the preservation of the security posture across Lunar Network Services. In addition to the existing response actions, Lunar Network will strive to acknowledge the security incident publicly. This acknowledgment may occur through a blog post or a Discord announcement, providing comprehensive details about the incident, including how it occurred, the measures taken for resolution, and any data potentially involved. This transparent approach aims to reinforce Lunar Network's commitment to accountability and transparency in security matters. However, if the incident impacts a customer's service, certain details such as the specific location of the incident within Lunar Network Services and the exact data leaked may be redacted from public statements. Affected users will always be informed of any leaked data, ensuring transparency and accountability while balancing the need for confidentiality and security.