Security and Vulnerability Disclosure
Last updated: June 8, 2026
AppSafe is a security product, and we welcome responsible reports about vulnerabilities in AppSafe itself. Please do not use this process to report findings from scans of your own sites; those belong in your dashboard.
Report a Vulnerability
Email [email protected] with a clear description, affected URL or feature, reproduction steps, impact, and any relevant screenshots or proof-of-concept details.
Authorized Testing Scope
You may test the public AppSafe application at appsafe.dev in a good-faith, non-disruptive way.
Do not:
- Access, modify, delete, or exfiltrate another user's data.
- Run denial-of-service, stress, spam, or resource-exhaustion tests.
- Bypass payment flows to obtain paid features without authorization.
- Use social engineering, phishing, physical attacks, or third-party service attacks.
- Persist backdoors, malware, cryptominers, or destructive payloads.
Safe Harbor
If you act in good faith, stay within this policy, avoid privacy violations, and report vulnerabilities promptly, we will not pursue legal action against you for the research activity itself.
Abuse and Unauthorized Scanning
If you believe AppSafe is being used to scan a system without authorization, email [email protected] with the target domain, approximate time, and context.