# Security Policy ## Reporting Security Vulnerabilities If you discover a security vulnerability in DragonMeta's products, please report it to: **Email:** support@dmeta.me Please include: - Description of the vulnerability - Steps to reproduce - Potential impact - Suggested fix (if any) ## Security Measures DragonMeta implements the following security measures: ### 1. Input Validation - All user inputs are sanitized and validated - SQL injection prevention via prepared statements - XSS protection through output escaping ### 2. Security Headers - X-Content-Type-Options: nosniff - X-Frame-Options: SAMEORIGIN - Referrer-Policy: strict-origin-when-cross-origin - Permissions-Policy restrictions ### 3. Rate Limiting - Per-IP rate limiting on API endpoints - Timeout mechanisms for external requests ### 4. Data Protection - Browser-specific conversation isolation (owner cookie) - Images are never stored on disk - Secure session management ### 5. Access Control - robots.txt for crawler management - .htaccess for file protection - Sensitive file access denied ## Responsible Disclosure We follow responsible disclosure practices: 1. Report received and acknowledged within 24 hours 2. Investigation and fix development 3. Security patch released 4. Public disclosure after fix deployment ## Legal Notice Unauthorized access to computer systems is illegal. This platform is for: - Educational purposes - Authorized security research - Legitimate use All activities are monitored. --- © 2026 DragonMeta. All rights reserved.