Security

Security

Crawler safety, SSRF protection and privacy-safe logging are core platform requirements.

Vulnerability disclosure

Security reports should be sent to Protected email address. Include the affected URL, reproduction steps, impact, and your preferred contact method. Do not include secrets or personal data unless absolutely necessary.

Scope

In scope: vulnerabilities affecting atlasofdomains.com, public Atlas routes, API endpoints, deployment configuration, authentication surfaces if introduced later, and data exposure risks.

Out of scope

Denial-of-service testing, spam, social engineering, physical attacks, destructive testing, malware, data exfiltration, credential stuffing, and tests against third-party systems are not authorized.

Safe harbor placeholder

We intend to treat good-faith, non-destructive research as helpful, provided it avoids privacy harm, service disruption, persistence, and unauthorized data access. Final safe-harbor language should be reviewed by counsel.

Response process

We aim to acknowledge valid reports, triage severity, remediate where appropriate, and coordinate disclosure timelines. Abuse reports should go to Protected email address.

Ad slot: static-top
Ad slot: static-inline
Ad slot: static-bottom