Security and vulnerability reporting
Last updated: July 2026
1. Security approach
Reorganicer uses appropriate technical and organizational safeguards, including encrypted transport, password hashing, confirmed email addresses, access controls, login rate limits and technical logging. No internet-based service can guarantee absolute security or complete freedom from defects.
2. Reporting a security issue
Suspected vulnerabilities or security incidents can be reported through the contact page using the subject Security. Helpful reports include a clear description, affected URL, reproducible steps and potential impact. Do not send passwords, access tokens or another person's personal data.
3. Responsible reporting rules
- Test only with accounts and data that belong to you.
- Stop immediately and report the issue if another person's data becomes accessible.
- Do not alter, delete, download or publish data.
- No automated mass scanning, denial-of-service attempts, social engineering, spam or physical attacks.
- Do not publicly disclose details before reasonable time has been provided to investigate and remediate.
This policy does not grant permission for access or conduct that would otherwise be unauthorized or unlawful.
4. No compensation or consulting relationship
A report does not create an assignment, consulting, employment or other contractual relationship. There is no bug bounty program and no entitlement to compensation, reimbursement or public recognition unless expressly agreed in writing beforehand.
5. User responsibilities
Users should use a strong password unique to Reorganicer, never share credentials, regularly review project access and promptly report suspected account misuse.
6. Incident handling
Actionable reports are assessed according to risk. Containment, remediation and notification measures depend on the nature and severity of the incident and applicable legal obligations. No fixed response or remediation time is promised.