Responsible Disclosure Policy

At YELLOWHAK, we take security seriously. We appreciate the security community's efforts in helping us maintain a secure platform for our users.

Reporting a Vulnerability

If you believe you’ve found a security vulnerability in any of our systems, services, or infrastructure, we encourage you to report it responsibly. We welcome submissions from researchers, users, or anyone who discovers a potential issue that may affect confidentiality, integrity, or availability.

Scope

This policy applies to:

  • All web applications under *.yellowhak.com
  • Our client infrastructure during active engagements (with permission)
  • Open-source projects officially maintained by YellowHak

Out-of-scope targets include third-party services not controlled by YellowHak and social engineering of our team or clients.

Guidelines

When reporting vulnerabilities, please:

  • Provide detailed reports with reproducible steps
  • Include any relevant logs, screenshots, or payloads
  • Submit reports as soon as possible after discovery
  • Do not access, modify, or delete data that is not yours
  • Act in good faith and avoid service disruption (e.g., DoS)
  • Allow reasonable time for us to validate and patch the issue before public disclosure

Our Commitment

We are committed to working with the security community to resolve issues quickly. We will:

  • Acknowledge receipt of your report within 3 business days
  • Provide a timeline for the investigation and resolution
  • Keep you informed throughout the process
  • Credit your contribution (with permission) on our Hall of Fame

Contact

Please submit vulnerability reports to security@yellowhak.com. We encourage you to encrypt sensitive details using our PGP key if needed (available on our website).

Thank You

We appreciate your efforts in helping us maintain a secure platform. Responsible disclosure helps us strengthen our defenses and protect our users from real threats.