ismyappbroken.com

Responsible disclosure

We take security seriously. If you discover a vulnerability in ismyappbroken.com itself, we want to hear about it before public disclosure.

How to report

Email security@ismyappbroken.com with a clear description, steps to reproduce, and potential impact. Do not publicly disclose the issue until we have had a reasonable time to address it.

What we aim for

  • Acknowledgement within 48 hours when possible
  • An initial assessment within 7 days for valid reports
  • No legal action against good-faith research that complies with this policy
  • Credit in advisories if you would like to be named

Scope

The ismyappbroken.com web application, API endpoints under our control, and the public dashboard as deployed for our production domain.

Out of scope

  • Third-party services (e.g. Supabase, Stripe, Vercel) — report to those vendors
  • Social engineering or physical attacks
  • Denial-of-service or resource exhaustion tests
  • Scanning other users’ targets without authorization