Responsible disclosure

Report security issues privately; we do not offer bounties or promised timelines, but we aim to reply and coordinate fixes.

Scope

The landing pages, demo site, and related repo code under this organization.
Evidence Pack artifacts and published bundles.
Infrastructure served via Cloudflare Pages.

How to report

Include steps to reproduce, impact, and any safe proof-of-concept. We read reports on best effort, but we cannot promise response times.

Use the contact listed in /.well-known/security.txt (email: tsaielectro0628@gmail.com) and reference this page.

Safe harbor

Do not destroy data or disrupt services.
Avoid privacy invasions.
Coordinate with us before public disclosure.

Testing in good faith and sharing findings responsibly is appreciated.