Security Policy

Introduction

At Arvee Solutions, Inc., makers of Arvee—your trusted RV trip planning software—security and privacy are our top priorities. We are committed to protecting our users’ data and ensuring our service remains safe for everyone. This document outlines our commitment to security and provides guidelines for reporting potential security vulnerabilities.

Reporting a Vulnerability

We strongly encourage responsible disclosure of security vulnerabilities.
If you discover a security issue in any of our products or services, please notify us as soon as possible.

To help us triage and remediate vulnerabilities efficiently, please provide as much information as possible, including:

  • Steps to reproduce the issue
  • Potential impact and any relevant logs or screenshots
  • Your contact information for follow-up

We request that you do not publicly disclose the issue before we have had an opportunity to investigate and resolve it.

Our Commitment

  • We will acknowledge receipt of your report within 3 business days.
  • We will investigate all legitimate reports and aim to provide a status update within 7 days.
  • We are committed to resolving verified vulnerabilities promptly and will notify you when the issue has been fixed.

Out of Scope

While we value all reports, the following are considered out of scope for our security policy:

  • Automated or bulk vulnerability reports
  • Social engineering attacks (e.g., phishing)
  • Vulnerabilities requiring physical access to a user’s device
  • Issues in third-party systems or libraries that are not under Arvee’s direct control
  • Denial of Service (DoS) attacks without a proven security impact

Safe Harbor

We will not pursue legal action or suspend accounts for researchers who discover and report vulnerabilities to us in good faith and in accordance with this policy.

Recognition

At this time, Arvee Solutions, Inc. does not operate a formal bug bounty program. However, we may acknowledge significant contributions from security researchers with your consent.

Scope

This policy applies to:

  • All arvee.io web properties and APIs
  • Official Arvee mobile applications
  • Any services provided directly under the Arvee brand

Questions

For any questions regarding this policy, please contact security@arvee.io.