Responsible Disclosure
Help us keep the site and our customer tenants safe. This page is the canonical channel for reporting security issues.
Last revised · 2026-04-20
How to report
Email security@helptype.md with a clear description and reproduction steps. Encrypt with our PGP key if the finding is sensitive — fingerprint: {{PGP_FINGERPRINT}}.
In scope
- helptype.md (production) and any customer-owned subdomain pointed at our managed tenant
- helptype.md API endpoints (/api/**)
- Helptype-authored mobile or desktop clients
Out of scope
- Third-party services we rely on (AWS, PagerDuty, Datadog) — report those upstream
- Social engineering, phishing, or physical attacks against Helptype staff
- DoS/DDoS or volumetric attacks
- Self-XSS or issues requiring full victim-device compromise
Safe harbor
As long as you act in good faith, stay within scope, avoid disrupting service, and give us reasonable time to respond, we won't pursue legal action against you.
Response SLA
- First reply: 1 business day
- Triage complete: 3 business days
- Remediation (severity-dependent): critical within 30 days, high within 90 days
Hall of fame
No reports have been credited yet — the first reporter's name lands here.