Security Policy

24th June 2021

Contact Information

We provide a security.txt file for structured security contact information. You can also use the contact page on this site to send us a message. You may also use email [email protected]. Please remember that email is unencrypted by default so be careful what you send us.

Security Statement

The security of our website is of great importance and we make every effort to maintain good security standards and processes. We routinely ensure security updates are applied to all levels of software and we constantly monitor for modified files and unauthorised login attempts. While we don't collect much, we do our best to keep users personal data secure and safe. For more information please refer to our privacy policy.

Disclosure Policy

If you discover a security vulnerability, we would be very greatful for you to let us know, provided that you follow the terms of our disclosure process:

  • The disclosure must be made following the contact procedure set out above.
  • The disclosure may be made anonymously.
  • The disclosure you make to us should relate directly to this site or to the email service associated with it.
  • The disclosure must relate to a service in our control, rather than to a matter which is the responsibility of a third party providing a service to us.
  • The disclosure must not be released to the public without our prior consent.
  • Abusive or threatening language, harassment, impersonation, or any other kind of criminal activity, will be reported to the relevant authorities and pursued to the full extent of the law.
  • Automated penetration testing or unauthorised attempts to gain access to our site will be treated by us as a deliberate attack and be subject to legal action.
  • The disclosure must relate to a matter set out below and specifically not to matters such as the exact configuration of our current security headers or to recently announced zero-day vulnerabilities:
    • Information leakage, or leakage of personal data
    • Unauthorised access at either user or root level
    • Code injection
    • Remote code execution

When a potential security issue is reported privately in accordance with these terms, we will check the issue and respond to you if you have provided valid contact details.

We will not take legal action against anyone who reports a security concern to us privately, in accordance with this policy, and without having undertaken intrusive testing. We are not currently able to offer bug bounties or similar cash rewards, but, with your consent, we would be happy to publish an acknowledgement on this site to express our gratitude.

Thanks and acknowledgements

We would like to thank the following testers, researchers, and developers:

-