SECURITY AND VULNERABILITY DISCLOSURE POLICY

Version 1.0

We take security seriously. If you believe you have discovered a vulnerability in WishKit, please report it responsibly.

Contact

Email: support@wishkit.io

Bug Bounty

We do not offer a bug bounty or monetary rewards at this time.

Scope

In scope: WishKit web applications and APIs at wishkit.io and its subdomains that we control.

Out of scope: third-party services or integrations, denial-of-service attacks, social engineering, physical attacks, and automated scanning that degrades service.

Guidelines

• Act in good faith and comply with all applicable laws.
• Use only test accounts or accounts you own.
• Do not access, modify, or delete data that is not yours.
• Do not disrupt or degrade our services.
• Provide enough detail for us to reproduce and understand the issue.
• Keep details confidential until we have addressed the issue.

Safe Harbor

We will not initiate legal action against you for good-faith security research that complies with this policy. If you inadvertently access data, stop immediately and report what you accessed so we can remediate.

Disclosure Timing

Please allow us a reasonable time to investigate and fix any issues before public disclosure.