Security Policy
Effective Date: June 12, 2026
Reporting a Vulnerability
We take the security of our website and our clients' data seriously. If you discover a security vulnerability, we appreciate your help in disclosing it responsibly.
How to Report
Please send a detailed report to security@consultwithdion.com including:
- A description of the vulnerability and its potential impact.
- Steps to reproduce the issue.
- Any relevant screenshots or proof-of-concept code.
What to Expect
- Acknowledgement: We will acknowledge receipt of your report within 48 hours.
- Assessment: We will investigate and assess the reported vulnerability promptly.
- Resolution: We aim to resolve confirmed vulnerabilities within 30 days, depending on severity and complexity.
- Communication: We will keep you informed of our progress throughout the process.
Responsible Disclosure Guidelines
We ask that you:
- Do not publicly disclose the vulnerability before we have had a chance to address it.
- Do not access, modify, or delete data belonging to other users.
- Make a good-faith effort to avoid service disruption and privacy violations.
- Do not use automated scanning tools that generate excessive traffic.
Security Measures
Our website implements the following security controls:
- TLS encryption (HTTPS) for all connections
- HTTP Strict Transport Security (HSTS)
- Content Security Policy (CSP) to prevent cross-site scripting
- X-Frame-Options to prevent clickjacking
- Server-side input validation and rate limiting
- Email authentication (SPF, DKIM, DMARC)