Security Disclosure
We appreciate responsible reports that help us keep CloakScan and its users safe.
How to report
Send details to security@cloakscan.com with:
- Affected URL(s) and environment
- Step-by-step reproduction
- Expected vs observed behavior
- Potential impact
- Proof of concept (if available)
Scope and rules
- Test only assets owned by CloakScan.
- Do not access, modify, or delete user data.
- Do not use social engineering, phishing, or physical attacks.
- Avoid service disruption (DoS/DDoS, brute force).
Response targets
- Initial triage response: within 3 business days
- Status updates: at least weekly while under review
We currently do not run a public paid bug bounty program.