Security is a team effort, and we'd rather hear about a problem from you than from someone exploiting it. If you've found a vulnerability in AppHaven, we'd be grateful if you'd let us know.

How to report

Send the details to security@apphaven.eu. Include enough information for us to reproduce the issue, such as the affected URL or endpoint, the steps you took, and the impact you observed. A short proof-of-concept helps a lot.

What we'll do

A real person reads every report. We'll aim to acknowledge yours within 24 hours, work with you to confirm and fix the issue, and keep you posted on our progress. Once it's resolved, we're happy to credit you publicly if you'd like.

What we ask in return

Please give us a reasonable window to fix the issue before sharing it publicly, and avoid actions that could harm our users or their data, like accessing accounts that aren't yours or running automated scans that degrade service.

If you are unable to validate a bug due to limitations of your account, contact us, let us know what you need and we'll do our best to get you a relevant test account without customer data.

Scope

This policy covers the apphaven.eu website and the AppHaven platform. If you're unsure whether something is in scope, send it anyway and we'll figure it out together.

Thank you for taking the time to make AppHaven safer.