Security: htdvisser/exp

Security

.github/SECURITY.md

Security Policy

Releases and Support

| Version | Supported Since | Supported Until | Remarks  |
|---------|-----------------|-----------------|----------|
| 0.0.x   | N/A             | N/A             | Unstable |

Responsible Disclosure of Vulnerabilities

Although we all do our best to make this project as secure as possible, we also realize that humans sometimes make mistakes. We take security seriously and we value the contributions that the security community brings to this project.

We ask security researchers to follow the guidelines listed below.

  • Please limit your research to the scope of this project:
    • The contents of this repository.
    • The following deployments of this project:
      • (TODO)
    • Out of scope are:
      • Third party services.
      • Physical security.
      • Social engineering.
      • (Distributed) Denial of Service.
      • Spamming.
      • UI/UX bugs and spelling mistakes.
  • Please do not violate anyone's privacy.
  • Please do not disrupt production deployments.
  • Please do not destroy any data.
  • Please do not take advantage of the vulnerability more than necessary to demonstrate the vulnerability.
  • Please report the issue to us privately to hi (at) htdvisser (dot) dev.
    You may encrypt your email with PGP key A115FF80DC8A2270.
  • Please provide sufficient information to reproduce the issue.
  • Please include your name and link for recognition, or indicate that you want to remain anonymous.
  • Please do not request compensation for reporting a vulnerability.
  • Please do not reveal the vulnerability to others until 14 days after it has been resolved or until 90 days have passed since reporting the vulnerability.

If you follow the guidelines above, we will follow the ones below.

  • We will not take legal action against you related to your report.
  • We will acknowledge your vulnerability report as soon as possible.
  • We will work with you to understand and resolve the issue quickly.
  • We will keep you informed of our progress.
  • We will publicly thank you (by name or as "a security researcher" if you prefer) in the Pull Request that fixes the issue.

There aren’t any published security advisories