How to Report a Security Issue
- Open a Ticket: Please report any security concerns by emailing us at [email protected].
- Keep it Private: Do not share or publish details of the issue until we have fixed it.
What to Report (In Scope)
- Security bugs (e.g., injection, authentication, or data exposure issues)
- Weaknesses in our product or service configurations
- Misconfigurations that could allow unauthorized access
- Cross-site scripting (XSS), cross-site request forgery (CSRF), or server-side request forgery (SSRF)
- Business logic flaws that affect user security or privacy
What Not to Do (Out of Scope)
- Do not disrupt our services (no denial-of-service or similar attacks)
- Do not share vulnerabilities with others before we fix them
- Do not exploit vulnerabilities for any reason except reporting
- Do not access data or accounts that are not yours
- No social engineering (do not try to trick our staff or users)
- No automated scanning without our permission
What Happens After You Report
- We will acknowledge your report within 48 hours.
- We will review the issue and respond within 5 business days.
- We will keep you updated as we work on a fix.
- We will let you know when the issue is resolved.
Safe Harbor
- If you follow this policy in good faith, we will not take legal action against you.
- We will work with you to understand and fix the issue.
- We may recognize your contribution if you wish.
- We will keep your identity confidential if requested.