Our approach to security
Security and privacy are part of how we design and operate DevDocs from the start, not an afterthought. We aim to collect only the data we need, protect it in transit, and stay transparent about how we handle security issues.
Compliance
We are currently pursuing SOC 2 Type II, with completion targeted for late 2026. This work is in progress: we are not yet certified or audited, and we will update this page as our compliance program matures.
Reporting a vulnerability
If you believe you have found a security vulnerability, please email security@devdocs.work. Include a clear description of the issue, the steps to reproduce it, and the affected URL or component. We acknowledge receipt of every report and will keep you updated as we investigate.
For security researchers
Our canonical, machine-readable security contact and policy live in our security.txt, published per RFC 9116.