Protecting accounts and operations.
Last updated 13 July 2026. This page describes controls currently represented in the production code and how to report a security concern.
Current security controls
Security limits
No service, encryption method, or review process guarantees that an incident cannot occur. Dog Meetup does not claim that every account, user statement, park, or device is independently verified. Security depends on keeping supported app versions current, protecting administrator credentials, monitoring alerts, testing restores, rotating secrets, and responding promptly to reports. Planned controls must not be described as active until they are implemented and verified.
Report a vulnerability
Email dev@prints3d.org with the affected page or app version, safe steps to reproduce, expected impact, and any non-sensitive screenshot or log. Do not include passwords, session tokens, or another person's personal data. We will acknowledge and triage credible reports as resources permit.
Rules for responsible testing
- Do not access, alter, delete, or download another person's data.
- Do not use denial-of-service tests, brute force, spam, automated account creation, malware, or social engineering.
- Do not disrupt meetups, moderation, support, email, push delivery, backups, or production availability.
- Stop testing and report promptly if you encounter personal data, credentials, or a path to material harm.
- A report does not create authorisation to test beyond your own account or bypass applicable law.
Incident response and personal-data breaches
The response process is to contain the event, preserve relevant evidence, identify affected systems and data, rotate credentials where needed, restore safely, and document decisions. A service outage is not automatically a personal-data breach. If a breach is likely to create a risk to people, Dog Meetup assesses notification to the Irish Data Protection Commission without undue delay and, where required, within 72 hours of awareness. People affected by a likely high-risk breach are informed without undue delay when the law requires it.
Security records and privacy
Logs are designed to contain event facts such as an action, account or target identifier, timestamp, user agent, app version, and hashed IP context. They must not contain raw passwords or session tokens. Access is limited to a legitimate security, privacy, support, moderation, or legal purpose and administrator reads are themselves audited.