Promvel

Responsible Disclosure

Expires: Jan 1, 2028

We take the security of Promvel seriously. If you've discovered a vulnerability, we appreciate you giving us the chance to fix it before disclosing it publicly.

How to Report

Email [email protected] with the following information:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact or severity
  • Any relevant screenshots or proof of concept

What to Expect

  • We'll acknowledge your report within 48 hours
  • We'll keep you updated as we investigate and resolve the issue
  • We'll notify you when the vulnerability has been fixed

Our Ask

Please don't share or exploit the vulnerability until we've had a reasonable chance to address it. We won't take legal action against researchers who follow these guidelines in good faith.

Scope

  • In scope: promvel.com and its subdomains
  • Out of scope: denial of service attacks, social engineering, spam, third-party services

Rewards

We don't currently offer monetary rewards, but we genuinely appreciate every responsible report and will acknowledge contributors upon request.