Dial Anyone ("we", "our", or "us") values the work of the security research community. We welcome ethical security researchers ("white hat" hackers) who help us keep our platform and our users safe through responsible, good-faith vulnerability research and disclosure.

⚠️ Authorization Is Required Before Any Testing

We do not permit any penetration testing, scanning, probing, or exploitation of our systems without prior written authorization from us. Conducting security testing against our systems, accounts, or infrastructure without our explicit, written permission is unauthorized and may constitute a violation of computer fraud and other applicable laws. Such activity may be reported to law enforcement and prosecuted. You must email us before you begin any testing.

1. Notify Us First — How to Request Authorization

Before performing any security testing, you must contact us to notify us and obtain written authorization. Send an email to support@dialanyone.com and include:

Your full name and how we can reach you
A description of the testing you intend to perform
The scope you intend to test (specific endpoints, features, or systems)
The approximate dates and times you plan to test

Do not begin testing until you have received written authorization from us confirming the scope and terms. Authorization is granted on a case-by-case basis and is limited to the scope we approve in writing.

2. Rules of Engagement

If we authorize testing, you must at all times stay within the approved scope and follow these rules:

Only test accounts and data that belong to you, or test accounts we provide. Never access, modify, or download another user's data.
No denial-of-service (DoS/DDoS), volumetric, or load/stress testing.
No social engineering, phishing, or physical attacks against our staff, users, vendors, or facilities.
Do not exfiltrate, destroy, or alter data, and do not degrade or interrupt our services.
Do not place automated calls or messages, or take any action that incurs charges or impacts real users.
Stop immediately and notify us if you encounter personal data or believe you may cause harm.
Keep all findings confidential and give us a reasonable time to remediate before any public disclosure.

3. Reporting a Vulnerability

If you discover a potential vulnerability, please report it promptly to support@dialanyone.com with enough detail for us to reproduce and validate the issue, including:

A clear description of the vulnerability and its potential impact
Step-by-step instructions to reproduce it
Any relevant proof-of-concept, screenshots, or logs (without exposing other users' data)

4. Our Commitment

When you act in good faith and within an authorized scope, we commit to:

Acknowledging your report and working with you in good faith to understand and resolve the issue
Not pursuing legal action against researchers who follow this policy and stay within authorized scope
Recognizing valid contributions, including, where you wish, public acknowledgment in our Hall of Fame below

5. Security Researcher Hall of Fame

We gratefully recognize the following researchers for their responsible disclosure and contributions to the security of our platform:

Khaled Mohammed Ropy — Cybersecurity Researcher / Vulnerability Researcher
Contact: +972 59 445 4760
Omar Mohammad Hreizat — Cybersecurity Researcher / Vulnerability Researcher

6. Questions

For any questions about this policy or to request authorization, contact us at support@dialanyone.com. You can also review our Terms of Service, Privacy Policy, and Acceptable Use & Messaging Policy.