If you believe you have found a security vulnerability in our product, infrastructure, or data handling, please email us with enough detail for us to reproduce and assess the issue. We appreciate responsible disclosure.
What to include
- A clear description of the issue and its potential impact
- Steps to reproduce, or a proof-of-concept where safe to share
- Affected URLs, components, or versions if known
- Your contact information (we may ask follow-up questions)
What we ask of you
- Give us a reasonable time to investigate and remediate before public disclosure (we aim to acknowledge within a few business days)
- Do not access, modify, or delete data belonging to other users
- Do not perform testing that could degrade the Service for others (e.g. sustained load testing) without prior agreement
Out of scope
Findings reported by VibeScan about your or another customer's application are product output, not vulnerabilities in VibeScan itself. For help interpreting scan results, email support@vibescan.co. Social engineering, spam, or physical attacks are out of scope.