Security Policy

At My Language Drill, the security of our systems and data is a top priority. We value the contributions of security researchers and the broader community in helping us maintain a secure environment.

Reporting Security Vulnerabilities

If you believe you have discovered a security vulnerability on our website or any related systems, we encourage you to let us know as soon as possible. We appreciate your help in responsibly disclosing vulnerabilities.

To report a vulnerability, please send an email to security@mylanguagedrill.ch using the related PGP Key.

Please include, if possible:

• A detailed description of the vulnerability
• The steps required to reproduce the issue
• Any relevant screenshots or proof-of-concept code

Our Commitment

• We will acknowledge your report within 3 business days.
• We will investigate the issue and aim to provide a resolution as quickly as possible.
• We will keep you informed throughout the process.
• We will not take legal action against or suspend access for those who discover and report security issues responsibly and in good faith.

Scope

This policy applies to mylanguagedrill.ch, mylearningdrill.ch and myenglishdrill.ch. Vulnerabilities discovered outside the scope listed may not be eligible for recognition.

Out of Scope

The following are generally considered out of scope:

• Denial of Service (DoS/DDoS) attacks
• Social engineering or phishing attacks
• Physical attacks against our infrastructure or personnel
• Vulnerabilities in third-party services not controlled by us

Responsible Disclosure

We ask that you:

• Make every effort to avoid privacy violations, degradation of user experience, or destruction of data during your research.
• Provide us with a reasonable amount of time to resolve the issue before making it public.
• Do not exploit the vulnerability beyond what is necessary to demonstrate it.

Thank you for helping us keep My Language Drill and our users safe!