Security Policy
Last updated: August 22, 2024
At InstaPilau, we take security seriously. We welcome and encourage responsible disclosure of vulnerabilities to help us protect our users and platform.
Reporting a Vulnerability
If you discover a vulnerability in our systems, please email us at security@instapilau.com with the following:
- Detailed steps to reproduce the issue
- Affected URLs or systems
- Your contact information
Rules of Engagement
To qualify for recognition and legal safe harbor, researchers must:
- Never destroy, access, or modify user data
- Only test on your own accounts
- Use non-invasive testing methods
- Avoid service disruption or denial-of-service attacks
Out of Scope
The following are not considered in scope for this program:
- Denial of Service (DoS)
- Spam, social engineering, or phishing
- Clickjacking on static pages
- Missing HTTP headers (unless critical)
- Issues in third-party services
Recognition
We maintain a Hall of Fame to acknowledge researchers who responsibly disclose valid vulnerabilities.
Legal Safe Harbor
We commit not to pursue legal action against researchers who comply with this policy and act in good faith.