Security

Security Policy

We take the security of our platform and user data seriously. This page outlines how to responsibly report security vulnerabilities you may discover.

Our Commitment

We are committed to working with security researchers who responsibly disclose vulnerabilities. While we do not currently offer a paid bug bounty program, we genuinely value and appreciate responsible disclosure efforts.

How to Report a Vulnerability

If you believe you have found a security vulnerability in YAPL, please send an email to:

security@yapl.app

When reporting, please include:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • The potential impact of the vulnerability
  • Any proof-of-concept code or screenshots (if applicable)

What to Expect

  1. Acknowledgment

     We will acknowledge receipt of your report within 3 business days.

  2. Assessment

     Our team will investigate the report and assess its severity and impact.

  3. Resolution

     Depending on severity, we will prioritize and work on a fix. We'll keep you updated on our progress.

  4. Recognition

     With your permission, we will publicly acknowledge your contribution once the issue is resolved.

In Scope

  • yapl.app and all subdomains
  • YAPL web application
  • YAPL API endpoints
  • Authentication and authorization mechanisms
  • Data exposure vulnerabilities

Out of Scope

  • Denial of service (DoS) attacks
  • Social engineering attacks
  • Physical security issues
  • Vulnerabilities in third-party services
  • Automated scanning without prior permission

Rules of Engagement

  • Do not access or modify data belonging to other users
  • Do not perform attacks that could harm availability or integrity of our services
  • Do not perform social engineering against YAPL staff or users
  • Report vulnerabilities promptly; do not exploit them beyond what is needed to prove the issue

Recognition

We currently do not offer monetary rewards. However, researchers who responsibly disclose valid security issues will receive:

  • Public acknowledgment on our security hall of fame (with your permission)
  • Our sincere thanks and appreciation

Contact Us

For general security questions or to report a vulnerability: