Security
Security
Crawler safety, SSRF protection and privacy-safe logging are core platform requirements.
Vulnerability disclosure
Security reports should be sent to Protected email address. Include the affected URL, reproduction steps, impact, and your preferred contact method. Do not include secrets or personal data unless absolutely necessary.
Scope
In scope: vulnerabilities affecting atlasofdomains.com, public Atlas routes, API endpoints, deployment configuration, authentication surfaces if introduced later, and data exposure risks.
Out of scope
Denial-of-service testing, spam, social engineering, physical attacks, destructive testing, malware, data exfiltration, credential stuffing, and tests against third-party systems are not authorized.
Safe harbor placeholder
We intend to treat good-faith, non-destructive research as helpful, provided it avoids privacy harm, service disruption, persistence, and unauthorized data access. Final safe-harbor language should be reviewed by counsel.
Response process
We aim to acknowledge valid reports, triage severity, remediate where appropriate, and coordinate disclosure timelines. Abuse reports should go to Protected email address.