Security programme

Responsible disclosure

We take the security of our platform seriously. If you discover a potential security vulnerability, please report it to us privately before making any public disclosure.

What to include

• A description of the vulnerability and potential impact
• Steps to reproduce the issue
• Any relevant logs, screenshots, or proof-of-concept code
• Your contact information (optional, for follow-up)

Our response

We aim to acknowledge reports within 3 business days when possible, investigate promptly when we can, and keep you informed of our progress. We do not intend to pursue legal action against researchers acting in good faith.