Security Policy

Reporting a Vulnerability

At AGL Consulting, we take security seriously and welcome reports from the security community to help keep our users and systems safe. If you believe you have found a security vulnerability in our website, mobile apps, or infrastructure, please report it to us as soon as possible.

How to Report

• Please send your report to: security@aglflorida.com
• Include a detailed description of the issue, including steps to reproduce, and any proof-of-concept code or screenshots if available.
• We will investigate and aim to resolve valid vulnerabilities promptly.

Scope

This policy applies to:

• https://aglflorida.com and all subpages
• Official AGL Consulting mobile apps listed in the Google Play Store and Apple App Store

Exclusions

The following types of issues are outside the scope of this policy:

• Non-security bugs or UI issues
• Automated scans or reports without clear evidence of exploitability
• Reports of outdated libraries without a working proof of vulnerability
• Clickjacking on pages with no sensitive actions
• Self-XSS (e.g., injecting script into your own browser console)
• Issues related to Github Pages hosting. Those should be directed to the appropriate third party

Responsible Disclosure

We kindly ask that you:

• Do not publicly disclose vulnerabilities without coordination
• Do not use automated tools that degrade service quality
• Do not attempt to access, modify, or destroy user data

Updates to This Policy

This security policy may be updated occasionally to reflect changes in our practices. Users can find any material changes by visiting the Site.

Contact

If you have questions about this policy, please use the contact form linked in the footer.

Last updated: 5/21/2025