We take the security of our website and our users seriously. If you discover a security vulnerability, we appreciate your help in responsibly disclosing it to us so we can address it as quickly as possible.
Scope
This policy applies to:
-
- This website and its subdomains
- Publicly accessible applications, services, and APIs operated by us
This policy does not apply to:
-
- Third-party services or platforms not controlled by us
- Social engineering, phishing, spam, or physical attacks
- Denial-of-service (DoS or DDoS) attacks
How to Report a Vulnerability
If you believe you have found a security issue, please report it by using the contact form at the bottom of this page.
Please include, where possible:
-
- A clear description of the vulnerability
- Steps to reproduce the issue
- Affected URLs, endpoints, or features
- Any supporting materials (screenshots, logs, or proof of concept)
Responsible Disclosure
We ask that you:
-
- Act in good faith and avoid accessing or modifying user data
- Do not disrupt services or degrade performance
- Do not publicly disclose the vulnerability until it has been addressed
- Limit testing to what is necessary to demonstrate the issue
What You Can Expect from Us
If you report a vulnerability in accordance with this policy, we will:
-
- Acknowledge receipt of your report
- Investigate and validate the issue
- Work to resolve confirmed vulnerabilities in a timely manner
- Communicate progress when appropriate
Recognition
We may choose to acknowledge responsible disclosures publicly, unless you request to remain anonymous.
