Legal · Security
Responsible disclosure.
Found a vulnerability? Thank you - genuinely. Security researchers make everyone safer, and this page is our promise to treat you accordingly.
How to report
Email [email protected] with the subject “Security disclosure”: what you found, where, and steps to reproduce. A machine-readable pointer lives at /.well-known/security.txt.
Our commitments
- Acknowledgement within 24 hours, a substantive response within 72.
- No legal threats for good-faith research that respects the scope below.
- You are kept informed - triage, fix, deploy - and credited publicly if you wish (or kept anonymous if you prefer).
Good-faith scope
In scope: this website and systems we operate. Please do not: access or modify data that is not yours, run denial-of-service tests, social-engineer people, or test client-owned production systems (report those to us and we will coordinate with the client). We currently run no paid bounty programme and say so honestly rather than implying one.
Related: Security practices · Incident response · Contact