We take security seriously, because the communities we serve deserve nothing less.
WebPro Productions, LLC (operating eCatholic and GabrielSoft)
Last updated: June 10, 2026
Our Commitment WebPro Productions, LLC welcomes feedback from security researchers and the public to help us keep our products and the communities we serve safe. If you believe you have discovered a vulnerability in any of our systems, we want to hear from you. This policy describes what systems are covered, how to report a vulnerability to us, and what you can expect from us in return.
Scope This policy applies to the following systems we own and operate:
ecatholic.com and all subdomains
gabrielsoft.com and all subdomains
webproproductions.com and all subdomains
Customer websites: All customer websites (for example, individual parish or diocese websites) are hosted on our platform. Vulnerabilities in our platform, hosting infrastructure, or first-party functionality are in scope — including those discovered on a customer's site. Issues arising solely from customer-added content or customer-added third-party scripts are out of scope; we will route those to the customer. If in doubt, report it and we will triage it appropriately. Any system not expressly listed above — including third-party services and vendors we integrate with — is out of scope. Vulnerabilities in third-party products should be reported directly to the vendor.
A description of the vulnerability and its potential impact
The URL, IP address, or product where you found it
Steps to reproduce (HAR file, proof-of-concept scripts and screenshots are helpful)
Your name/handle and contact information, if you wish to be acknowledged (anonymous reports are accepted)
Please report in English if possible. We do not require you to create an account or sign anything to submit a report.
What to Expect From Us
We will acknowledge receipt of your report within 3 business days (72 hours).
We will work to validate your report promptly and keep you informed of our progress toward remediation, to the best of our ability.
We will treat your report confidentially and will not share your personal information with third parties without your permission, except as required by law.
We will thank you. We do not operate a bug bounty program and do not offer monetary rewards, but we are grateful for good-faith research and will say so.
Disclosure Timeline We ask that you give us a reasonable opportunity to remediate before any public disclosure. Our target is to resolve validated vulnerabilities within 90 days of your report. If you intend to publish your findings, please coordinate timing with us; we are happy to work with you on a mutually agreeable disclosure date, and we will not ask you to suppress disclosure indefinitely.
Ground Rules To remain within the protections of this policy, you must:
Make a good-faith effort to avoid privacy violations, degradation of service, and destruction or alteration of data
Access or expose only the minimum data necessary to demonstrate the vulnerability — do not download, retain, or share data belonging to us or our customers
Stop testing and notify us immediately if you encounter personal data, financial data, or credentials
Not perform denial-of-service testing, physical attacks, or social engineering (phishing, vishing) against our employees, customers, or infrastructure
Not use automated scanning at volumes that degrade service
Not attempt to extort, threaten, or condition disclosure on payment
Delete any data obtained during research once the report is resolved
Safe Harbor We consider security research conducted in good faith and consistent with this policy to be authorized under applicable computer access laws (including the Computer Fraud and Abuse Act and analogous state laws) and exempt from restrictions in our Terms of Service that would otherwise prohibit such activity. We will not initiate or recommend legal action against you for good-faith, policy-compliant research, and if a third party initiates legal action, we will make it known that your activities were conducted under this policy. If you are unsure whether your research is consistent with this policy, contact us at [email protected]before proceeding.
Questions Questions about this policy may be sent to [email protected].