← Back to homeSecurity Policy
Last updated: April 2026
Reporting a vulnerability
We take security seriously. If you believe you've found a security vulnerability in PageStrike, please report it responsibly by emailing security@pagestrike.com.
Please include:
- A clear description of the issue
- Steps to reproduce (URLs, requests, responses)
- The potential impact
- Your suggested severity (low / medium / high / critical)
Our commitment
- Acknowledge receipt within 2 business days
- Provide a technical assessment within 5 business days
- Keep you informed of the resolution progress
- Not pursue legal action against good-faith researchers
Scope
In scope:
- pagestrike.com and all subdomains
- pagestrike.app (publishing domain)
- Authentication and authorization flows
- API endpoints (/api/*)
- Data exposure and access control
Out of scope:
- Missing security headers with no demonstrable impact
- Self-XSS without a realistic attack vector
- Rate-limiting bypasses without amplification
- Third-party services we don't control (Supabase, OpenAI, etc.)
- Social engineering and physical attacks
- DDoS attacks
Bug bounty program
We currently do not operate a paid bug bounty program. Valid reports of high-impact vulnerabilities will receive public acknowledgment on this page (with your consent).
Acknowledgments
Researchers who have responsibly disclosed vulnerabilities will be credited here.