Last updated:
We take the security of Keepin’ Tracks seriously. If you believe you have found a vulnerability, we want to hear from you.
Contact
Email [email protected] with:
- A clear description of the issue
- Steps to reproduce (or proof of concept)
- The hostname or app affected (Personal, Business, or the public site)
- Your preferred contact for follow-up
Please do not post vulnerabilities publicly before we have had a chance to respond.
What is in scope
- keepintracks.com and its subdomains (marketing site, Personal and Business apps and APIs, product help)
- Authentication, authorization, and data isolation between accounts
- Cross-tenant or cross-user data access issues
Out of scope
- Denial-of-service tests against production
- Social engineering or physical attacks
- Issues in third-party services (Stripe, Cloudflare dashboard, your email provider)
- Vulnerabilities in software you do not use in production, or in outdated browsers
Safe harbor
We will not pursue legal action against researchers who:
- Act in good faith
- Avoid privacy violations, data destruction, and service disruption
- Give us reasonable time to fix the issue before public disclosure (typically 90 days, sooner for critical issues)
We do not offer a paid bug bounty today. We will acknowledge valid reports and work to remediate confirmed issues.
Preferred disclosure
- Report privately to [email protected]
- We confirm receipt and investigate
- We coordinate a fix and retest
- We agree on public disclosure timing if you plan to publish
Thank you for helping keep our users safe.