Security Practices

At Compass, we take security seriously. Protecting your server's sensitive documentation and ensuring that only the right users have access is at the core of our platform. From secure Discord Authentication to role-based access control, we work tirelessly to safeguard your information.

We continuously monitor and update our systems to prevent unauthorised access and ensure your data is safe. Our goal is to create a secure environment where you can confidently manage your documentation.

Our Commitment to Security

• Role-Based Access Control: Only those with the correct Discord roles can access certain documents, ensuring your information stays protected.
• Discord Authentication: We use secure OAuth2 authentication, integrating directly with Discord to verify user identity and role permissions.
• Audit Logs: Every access and configuration change is logged for accountability, giving you visibility over who accessed or edited your content.
• Continuous Updates: We regularly update our platform to patch vulnerabilities and improve security, ensuring that Compass remains a safe space for managing your documents.

How to Report an Issue

If you believe you've found a security vulnerability or issue within Compass, we encourage you to report it immediately. Please contact our security team at [email protected] with the following details:

• A clear and concise description of the vulnerability or issue you've identified.
• Detailed steps that demonstrate how to replicate the issue, including any specific conditions or configurations.
• An assessment of the potential impact of the vulnerability, including what data could be affected and who might be at risk.
• Optional, but including your email or other contact details can help us reach you for follow-up questions or to provide updates on the resolution.
• Information about the environment in which you discovered the issue, such as the platform, browser, or any relevant versions.

How We Handle Security Reports

Once we receive your report, our security team will review and assess the issue. We aim to respond within 24-48 hours. If the vulnerability is confirmed, we'll work on a fix immediately and keep you updated throughout the process.

Bug Bounty Program

We value the contributions of our security community. If your report leads to the discovery of a critical vulnerability, we offer rewards through our bug bounty program as a thank you for helping keep Compass secure.