Vulnerability Disclosure Policy
We take the security of uptimeify.io seriously. If you've found a vulnerability, we want to hear from you — and we commit to working with you to address it responsibly.
We will acknowledge receipt of your report within 72 hours and keep you informed as we investigate and remediate the issue. We will not take legal action against researchers who act in good faith and follow this policy.
We follow a 90-day responsible disclosure timeline — after 90 days, you are free to publish your findings regardless of our remediation status.
- →uptimeify.io (web app)
- →ping.uptimeify.io
- →Authentication & sessions
- →Authorization & access control
- →Data exposure / leaks
- →Injection vulnerabilities
- →Business logic flaws
- →Denial of service (DoS)
- →Social engineering of staff
- →Physical security
- →Third-party services
- →Issues in outdated browsers
- →Missing security headers only
- →Self-XSS
- →Do not access, modify, or delete data belonging to other users
- →Do not perform actions that degrade service availability
- →Do not use automated scanners against production systems without prior approval
- →Do not disclose the vulnerability publicly before the 90-day window has passed
- →Act in good faith — demonstrate impact without exceeding what is necessary
We currently do not offer a monetary bug bounty program. However, researchers who report valid, in-scope vulnerabilities will be recognised publicly on our Security Hall of Fame — unless they prefer to remain anonymous.
Last updated: May 2026 · security.txt