Introduction
We are committed to maintaining the security and privacy of our systems and data. We value the efforts of security researchers and the wider community in helping us achieve this goal. This policy describes how to report vulnerabilities and what you can expect from us.
Reporting a Vulnerability
If you believe you have discovered a security vulnerability, please report it to us via:
- Secure web form: Contact Us
When submitting a report, please include:
- The website, IP, or page where the vulnerability can be observed.
- A brief description of the vulnerability type (e.g., “XSS vulnerability”).
- Steps to reproduce the vulnerability, including a benign proof of concept.
Scope
The following are in scope:
- Vulnerabilities with a significant security impact, such as authentication bypass, privilege escalation, or data leakage.
The following are out of scope (and will generally not receive a response):
- Missing security headers (e.g., CSP, HSTS)
- Clickjacking on non-sensitive pages
- Outdated software with no known security impact
- Information disclosure of non-sensitive content (e.g., robots.txt, sitemap.xml)
- Theoretical attacks with no realistic exploit scenario
- Issues requiring social engineering, physical access, or denial-of-service testing
Our Commitment
- We will acknowledge receipt of your report within 10 business days.
- We will keep you informed of our progress and provide an estimated timeline for remediation.
- We will not take legal action against you if your research and reporting comply with this policy.
- We may publicly acknowledge your contribution if you wish.
Your Commitment
- Act in good faith to avoid privacy violations, destruction of data, or interruption of services.
- Do not exploit the vulnerability beyond what is necessary to demonstrate its existence.
- Do not publicly disclose details of the vulnerability before it is resolved.
Thank You
We appreciate your help in keeping our systems and users safe.