Security Policy

Last updated: March 2026

The security of our platform and the data of our users is a top priority. We welcome responsible disclosure of security vulnerabilities.

Reporting a Vulnerability

If you discover a security vulnerability, please report it to us privately. Do not disclose it publicly until we have had the opportunity to investigate and fix it.

Security contact:
security@getdynamicqr.com

Encrypted email preferred

Response Timeline

We aim to acknowledge all security reports within 48 hours and provide an estimated resolution timeline within 5 business days. We will keep you informed of our progress.

In Scope

The following assets are in scope for responsible disclosure:

The web application and its API endpoints
Authentication and session management
QR redirect infrastructure and data integrity
User data handling and privacy controls

Out of Scope

The following are not eligible for disclosure:

Denial of service attacks
Social engineering or phishing of our staff
Vulnerabilities in third-party services we do not control

Responsible Disclosure

We ask that you give us a reasonable amount of time to fix reported issues before making any details public. We will credit you for your discovery if you wish and will not pursue legal action against researchers acting in good faith.

Report Malicious QR Codes

If you have encountered a QR code on our platform that you believe is being used for phishing, malware distribution, or other harmful purposes, you can submit an abuse report.