Legal

Security Disclosure Policy

How to report a suspected vulnerability in our website or systems safely and responsibly.

Last updated: May 3, 2026

Doxelio Digital Agency is a trading brand operated by MegaDev Ltd, company registration number 208560960. These pages are provided for transparency and general information. They are not a substitute for legal advice tailored to a specific contract, country, or regulated industry.

Responsible reporting

If you believe you found a vulnerability affecting Doxelio or MegaDev Ltd systems, report it to security@doxelio.com with enough detail for us to understand and reproduce the issue.

Do not cause harm

Do not access, copy, modify, delete, exfiltrate, or disclose data that is not yours.
Do not run denial-of-service tests, spam, phishing, malware, credential attacks, social engineering, or physical attacks.
Do not test client systems unless you have separate written permission from that client and from us where applicable.
Stop testing and contact us immediately if you encounter sensitive data or service instability.

What to include

Affected URL, endpoint, account, or feature.
Steps to reproduce, screenshots, proof-of-concept details, and impact explanation.
Your contact details if you want us to respond.

No public disclosure before resolution

Please do not publicly disclose a vulnerability until we have investigated, remediated where appropriate, and agreed on disclosure timing.

No bounty promise

We appreciate good-faith reports, but we do not promise payment, rewards, swag, recognition, or employment for vulnerability reports unless agreed in writing.