Security

1. Security Vulnerability Disclosure Policy

Our Commitment

Security is important to us. If you discover a security vulnerability in our systems, we appreciate your help in disclosing it responsibly. We are committed to working with security researchers in good faith and to handling reports fairly, confidentially, and promptly.

What we ask from you

Please:

• Act in good faith and avoid privacy violations
• Do not exploit the vulnerability beyond what is necessary to prove its existence
• Do not access, modify, delete, or store user data
• Do not disrupt our services (e.g. DoS/DDoS)
• Do not use automated scanning or brute-force techniques
• Do not publicly disclose the issue before we have had time to address it

Safe Harbor

If you comply with this policy:

• We will not pursue legal action against you
• We will treat your report as confidential
• We will not disclose your identity without your consent
• We will not interpret your actions as malicious
• Security research conducted in accordance with this policy is considered authorized.

How to Report a Vulnerability

Please email us at:

• contact@schabe.it

Include as much detail as possible:

• Description of the vulnerability
• Affected endpoint, feature, or URL
• Steps to reproduce
• Potential impact
• Screenshots or logs (no personal data, please)

Recognition

We are happy to acknowledge your contribution publicly or privately, at your request.