Security
We take security seriously. If you believe you’ve found a vulnerability in our application or infrastructure, please report it to us responsibly.
Reporting
- Email: security@unbrainrot.app
- Support: /support
Include a description, impact, reproduction steps, and any affected URLs or IDs. Please avoid accessing or modifying data that isn’t yours beyond what’s necessary to demonstrate the issue.
Safe Harbor
We will not pursue legal action against researchers who discover and report vulnerabilities in good faith and comply with this policy. Avoid privacy violations, service disruption, data destruction, or degrading user experience.
Scope (examples)
- Web application at unbrainrot.app and associated APIs
- Authentication, authorization, and access control issues
- Injection, XSS, CSRF, SSRF, insecure direct object references
- Business logic and data exposure problems
Out of scope: Denial of service, social engineering, non-security content issues, reports without a clear security impact, automated scan results without proof of exploitability.
Response & SLA
- Acknowledge receipt within 72 hours
- Provide status updates at least every 7 days until remediation
- Work with you on coordinated disclosure
security.txt
Our policy is also published at /.well-known/security.txt.