Security
Responsible disclosure policy and security practices
🛡 Security is a top priority at Aplyd
Responsible Disclosure
We welcome security researchers who help us keep Aplyd safe. If you discover a vulnerability, please report it responsibly.
How to Report
Email: security@aplyd.co
Please include:
- Description of the vulnerability
- Steps to reproduce
- Impact assessment
- Your name/handle (for Hall of Fame credit)
We aim to acknowledge reports within 48 hours and provide a fix timeline within 7 days.
Scope
| Target | Status |
|---|---|
| aplyd.co (main application) | In scope |
| admin.aplyd.co (admin panel) | In scope |
| API endpoints (/api/v1/*) | In scope |
| Authentication & authorization | In scope |
| Third-party services (Stripe, Google, etc.) | Out of scope |
| Social engineering / phishing | Out of scope |
| Denial-of-service attacks | Out of scope |
| Automated scanning without permission | Out of scope |
Recognition
We do not offer monetary bounties at this time. However, we gratefully acknowledge researchers who report valid vulnerabilities in our Hall of Fame.
🏆 Hall of Fame
Security researchers who have helped improve Aplyd's security:
No submissions yet. Be the first to help secure Aplyd.
Guidelines
- Do not access or modify other users' data.
- Do not perform destructive testing (data deletion, DoS, etc.).
- Do not publicly disclose vulnerabilities before they are fixed.
- Use a test account you own for testing.
- Act in good faith — researchers following these guidelines will not face legal action.
Contact
General security questions: security@aplyd.co