Responsible disclosure
Report public security issues through a bounded process.
If you believe you have found a security issue affecting the public Vaultaproof website or a public software release, report it to info@vaultaproof.com.
Good-faith reports should stay narrow, reproducible, and respectful of data boundaries.
Disclosure process
What we need from a report
The public disclosure path is designed for useful reports, not broad exploratory access.
Report address
Include reproduction details, affected URLs, and impact.
info@vaultaproof.com
Scope
Do not assume private customer environments are in scope for this public process.
Public website behavior and public software surface
Expectation
Stop if you encounter personal or customer data and say so in the report.
Good-faith research with minimal access and clear reporting
In scope
01. vaultaproof.com and public subdomains controlled by Vaultaproof
02. Public web endpoints and public website behavior
03. Publicly published software downloads, when such releases exist
Out of scope
01. Denial-of-service testing, traffic floods, or resource exhaustion
02. Social engineering, phishing, or physical attacks
03. Automated scans that create unnecessary load or noise without a specific finding
04. Accessing, modifying, or exfiltrating data beyond what is minimally required to demonstrate an issue
Expectations
Good-faith research should stay precise.
01. Report the issue to info@vaultaproof.com with reproduction details, affected URLs, and impact.
02. Use test accounts or your own accounts where possible.
03. Stop if you encounter personal or customer data and include that fact in the report.
04. Give us a reasonable opportunity to investigate and remediate before public disclosure.