Responsible Disclosure Policy

How to report a vulnerability

We kindly ask you to report your findings as follows:

• Send your report to: team@reportapp.nl

• Preferably encrypt your message using our PGP key (GPG-compatible) to prevent sensitive information from being intercepted in transit.

• Include sufficient details for us to reproduce the issue. For example: the URL or screen of the affected module, a description of the problem, and if possible, a proof of concept.

• Indicate whether you would like to report anonymously or under a pseudonym — we fully respect your choice.

We ask you to:

• Not exploit the vulnerability (i.e., do not read, modify, or delete any reports).

• Not collect, download, or distribute any confidential data.

• Refrain from using techniques such as social engineering, DDoS attacks, spam, or exploiting third-party systems.

• Not create persistent access (such as a backdoor).

• Not share the vulnerability with third parties until it has been resolved.

• Delete any confidential data you may have obtained as soon as you have submitted your report.

• Not upload harmful or unwanted content via content pages, especially if you have admin access.

• If you intend to actively search for vulnerabilities, please notify us at least one day in advance.

What you can expect from us:

• You will receive an acknowledgment of receipt and an initial assessment within 5 business days.

• Your report will be treated with strict confidentiality. You may remain anonymous, and your information will not be shared without your consent, unless legally required.

• We will keep you informed about the progress and let you know when the issue has been resolved.

• We will not take legal action against reporters who act in good faith and adhere to these guidelines.