Security Policy

Audits Terms of Service – App Non-Disclosure Agreement Privacy Policy Security Policy Other Forms Terms of Service – API Channel Partnership

Last Updated: 16 January 2026

We welcome reports of security vulnerabilities that may affect the confidentiality, integrity, or availability of our systems.

Scope

In-scope vulnerabilities generally include:

  • Remote code execution
  • Authentication or authorization bypass
  • Sensitive data exposure
  • Logic flaws with security impact

Out of Scope

The following issues are considered out of scope and are not eligible for response or reward:

  • Clickjacking issues without demonstrable impact
  • Missing or overly permissive security headers (e.g., CSP, X-Frame-Options)
  • Self-XSS
  • Open redirects without a clear exploit scenario
  • CSRF on unauthenticated or non-sensitive actions
  • Rate-limiting or brute-force issues without impact
  • Reports based solely on automated scanning output

Reporting Guidelines

Please include:

  • A clear description of the issue
  • Steps to reproduce
  • Proof of concept where applicable
  • Assessment of potential impact

Do not perform testing that may disrupt service or access data belonging to other users.

Do not send encrypted archives or exploit payloads unless requested.

Contact

Please contact us by email at: [email protected]

We aim to acknowledge valid reports within a reasonable timeframe. We may not respond to reports that fall outside the scope defined in this policy.