Reporting a Security Vulnerability
We take your privacy and security seriously — and we’re grateful to the researchers and customers who help us protect our community.
If you believe you’ve found a security vulnerability or data privacy concern in a Loftie product or service, we want to hear from you.
How to Report a Vulnerability
Please send an email to:
security@byloftie.com
(subject line: Security Vulnerability Disclosure)
In your message, include as much detail as possible:
-
A clear description of the issue
-
Steps to reproduce (screenshots, code, etc. are helpful)
-
The product or service affected (e.g., Loftie Clock, Lamp, app, backend, etc.)
-
Any relevant timestamps or versions
-
Your preferred contact method if you'd like a follow-up
You can also choose to remain anonymous.
What Happens Next
Once we receive your report, our engineering team will:
-
Acknowledge receipt within 5 business days
-
Assess the issue and determine severity
-
Work on a fix (if confirmed)
-
Keep you informed — if you’ve opted in to updates
-
Credit your disclosure in a future security notice (optional)
Coordinated Disclosure
If you plan to publish your findings, we ask for the opportunity to resolve the issue first — ideally within 90 days — in the spirit of coordinated disclosure. We'll always do our best to resolve valid issues as quickly as possible.