Security & Responsible Disclosure

We appreciate responsible security research. This page explains how to report vulnerabilities and what activities are and are not authorized.

1. How to report

Please report suspected vulnerabilities using the inquiry form and include “Security” and a clear description of: (a) affected URL(s); (b) reproduction steps; (c) impact; and (d) any proof-of-concept that is safe and minimally invasive.

2. Guidelines (safe harbor-style)

• Make a good-faith effort to avoid privacy violations, data destruction, and service disruption.
• Do not access or modify data that does not belong to you.
• Do not use social engineering, phishing, or physical attacks against the Operator or service providers.
• Do not run denial-of-service tests.
• Give a reasonable time to address the issue before public disclosure.

3. Scope

This policy applies only to this Site. Third-party services (e.g., analytics or escrow providers) are out of scope and should be reported to those providers.

4. No bounty commitment

We do not promise any reward or bounty. However, we value clear reports and may acknowledge contributions at our discretion.