HomeSecurity
Security

Vulnerability disclosure

Found a security issue? Report it responsibly and we will work with you to fix it fast.

We take the security of our site and our clients seriously. If you believe you have found a security vulnerability affecting Cyberou, we want to hear from you, and we will work with you to resolve it quickly.

How to report

Email a description of the issue to hello@cyberou.com with the subject line Security. Please include enough detail for us to reproduce it: the affected URL or endpoint, the steps to trigger it, and its potential impact.

What to expect

  • We aim to acknowledge your report within two business days.
  • We will keep you updated as we investigate and fix the issue.
  • With your permission, we are happy to credit you once the issue is resolved.

Safe harbour

If you make a good-faith effort to comply with this policy during your research, we will consider it authorised, will not pursue legal action against you, and will work with you to understand and resolve the issue quickly.

In scope

  • The cyberou.app and cyberou.com websites and their supporting infrastructure.

Out of scope

  • Findings from automated scanners without a demonstrated, realistic impact.
  • Social engineering, physical attacks, or denial-of-service testing.
  • Reports affecting third-party services we do not control.

Please do not

  • Access, modify, or delete data that is not yours.
  • Degrade the experience for other users.
  • Publicly disclose the issue before we have had a chance to fix it.