Coordinated disclosure
Security Policy
Last updated: 14 June 2026
Thank you for helping keep this website and its visitors safe.
1. Reporting a vulnerability
Use the protected contact form and begin the message with "Security report". Include the affected URL, a clear description, reproduction steps, and the potential impact. Please avoid including unnecessary personal or confidential data.
2. Research guidelines
Act in good faith and only test what is necessary to confirm the issue. Do not access, modify, retain, or disclose other people's data. Avoid denial of service, automated high-volume scanning, social engineering, physical attacks, spam, and disruption of production services.
Do not publicly disclose a vulnerability before there has been a reasonable opportunity to investigate and remediate it.
3. What to expect
Reports will be reviewed and handled according to their severity and practical impact. Additional information may be requested through the contact details you provide. This policy does not offer monetary rewards or create a contractual obligation.