Security & Vulnerability Disclosure

1. How to report a vulnerability

Please send a report with as much detail as possible, including steps to reproduce and any proof-of-concept code.

• Email: security@[YOURDOMAIN].com (recommended)
• If you don’t have a dedicated security inbox yet, you may temporarily use our general contact page:/contact

Tip: using a dedicated alias like security@ that forwards internally usually keeps spam manageable and helps triage security reports.

2. Safe harbor

If you make a good-faith effort to comply with this policy, we will not initiate legal action against you for security research conducted in accordance with this policy.

3. Guidelines

When researching or reporting, please:

• Do not access or modify data that does not belong to you.
• Do not disrupt service availability (no denial of service testing).
• Use the minimum amount of data necessary to demonstrate the issue.
• Provide reasonable time for us to investigate and remediate before public disclosure.

4. What to expect

• We’ll aim to acknowledge receipt within 7 business days.
• We’ll work to validate and remediate confirmed issues in a reasonable timeframe.
• We may ask for additional information to reproduce the issue.