Security

Found a security issue? We want to know before anyone else does. Email [email protected] and we'll take it seriously.

Reporting

Include what you found, how to reproduce it, and what you think the impact is. A rough report is fine. We don't need a polished writeup, just enough to reproduce the problem.

Scope

kalosio.com

prtlive.app

cow.yoga (this site)

Third-party services we use are their own scope. Report those directly to them.

Out of scope

Please don't test using social engineering (phishing our team, pretexting), physical access attempts, or denial-of-service techniques against our infrastructure. Automated scanning that meaningfully degrades the site for other visitors is also out of scope.

What to expect

We'll acknowledge real reports within a few business days and keep you posted while we fix it. Good-faith security research won't result in legal action from us: don't access data that isn't yours, don't disrupt the service for other people, and give us a reasonable chance to fix things before going public.

We don't have a paid bug bounty program right now, but we'll credit you publicly if you'd like.

Machine-readable: /.well-known/security.txt