Responsible Disclosure
Last update: November 6, 2025
Please read this Disclosure ("Disclosure") carefully before using the website (the "Service") operated by SCPS Technologies LLC ("us", "we", or "our").
This page explains our affiliate relationships, sponsorships, and any compensation we may receive, as well as general earnings and testimonial disclaimers.
Introduction
SCPS Technologies LLC welcomes feedback from security researchers and the public to enhance our security. If you find a vulnerability, privacy issue, or other security concern in our assets, please report it following this policy.
Systems in Scope
This policy applies to all digital assets owned, operated, or maintained by SCPS Technologies LLC.
Out of Scope
A vulnerability is a weakness in our products or infrastructure that could affect confidentiality, integrity, or availability. The following are not considered vulnerabilities:
- Account enumeration, XMLRPC, DoS and other non-critical vulnerabilities on the blog section of the website;
- Missing MTA-STS DNS record;
- Missing domain lock flag;
- No immediate OAuth session invalidation -- happens in a few hours;
- Theoretical issues with no realistic exploit;
- Allowed weak passwords, as our app nudges people to use a password manager;
- Clickjacking on unauthenticated or static pages;
- Leaks to Sentry.io -- they are auto-scrubbed on the receiving end;
- Assets or equipment not owned by SCPS Technologies LLC.
Vulnerabilities discovered or suspected in out-of-scope systems should be reported to the appropriate vendor or applicable authority.
Our Commitments
When you report a vulnerability, you can expect us to:
- Respond promptly and validate your report;
- Keep you informed about the vulnerability's progress;
- Remediate vulnerabilities promptly within our constraints;
- Provide Safe Harbor for your good-faith research.
Our Expectations
To participate in our vulnerability disclosure program, please:
- Follow this policy and relevant agreements;
- Report vulnerabilities promptly;
- Avoid violating privacy, disrupting systems, or harming users;
- Use only official channels for communication;
- Allow at least 90 days to resolve issues before public disclosure;
- Test only in-scope systems and respect out-of-scope areas;
- Limit data access to what’s necessary and stop if you encounter sensitive information;
- Use only your own test accounts or those with explicit permission;
- Avoid extortion.
Exclusions
Do not:
- Cause denial of service;
- Interact with accounts without permission;
- Test contact and support forms.
Definition of a Vulnerability
SCPS Technologies LLC considers a security vulnerability to be a weakness in one of our products or infrastructure that could allow an attacker to impact the confidentiality, integrity, or availability of the product or infrastructure.
- Presence or absence of HTTP headers (X-Frame-Options, CSP, nosniff, etc.). These are considered security best practices and therefore we do not classify them as vulnerabilities.
- Missing security-related attributes on non-sensitive cookies. The absence of these attributes on non-sensitive cookies is not considered a security vulnerability.
- Theoretical security issues with no realistic exploit scenario(s) or attack surfaces, or issues that would require complex end user interactions to be exploited.
- Issues regarding domain settings (such as SPF policy, DKIM settings, etc.) are not vulnerabilities.
- Clickjacking reports against unauthenticated pages and/or static content resources are not vulnerabilities.
Safe Harbor
Research conducted under this policy is:
- Protected under applicable anti-hacking and anti-circumvention laws;
- Exempt from certain Terms of Service restrictions related to security research;
- Considered lawful and conducted in good faith.
Ensure compliance with all applicable laws. If a third party initiates legal action and you followed this policy, we will support your compliance.
If unsure about your research's compliance, report it through official channels before proceeding.
Safe Harbor applies only to claims within our control and does not bind independent third parties.
Contact Us
If you find a vulnerability, please contact us with detailed information.