Last Edited : Mar 02, 2026

How to responsibly report security issues to Breachsense.

Vulnerability Disclosure Policy

If you’ve found a security vulnerability in Breachsense, we want to hear about it. This policy explains how to report issues to us and what to expect after you do.

Scope

In scope:

  • breachsense.com and its subdomains
  • Breachsense API endpoints

Out of scope:

  • Social engineering attacks against Breachsense employees or customers
  • Denial of service (DoS/DDoS) attacks
  • Physical attacks against Breachsense offices or infrastructure
  • Third-party services, applications, or websites that integrate with Breachsense
  • Attacks against other users’ accounts or data
  • Automated scanning that generates excessive traffic

How to Report

Send your report to security@breachsense.com. Please include as much detail as possible so we can reproduce and assess the issue quickly.

What to Include in Your Report

A good vulnerability report includes:

  • A clear description of the vulnerability
  • Step-by-step instructions to reproduce the issue
  • The affected URL, endpoint, or component
  • Your assessment of the potential impact
  • Screenshots or proof-of-concept code, if applicable
  • Your preferred contact information for follow-up

The more detail you provide, the faster we can triage and resolve the issue.

Response Timeline

  • Acknowledgment: We’ll confirm receipt of your report within 3 business days.
  • Status update: You’ll receive an initial assessment within 10 business days.
  • Resolution: Timelines vary depending on severity and complexity. We’ll keep you informed throughout the process.

Responsible Disclosure Guidelines

We ask that you:

  • Don’t access, modify, or delete data belonging to other users
  • Don’t disrupt Breachsense services or degrade the experience for other users
  • Don’t publicly disclose the vulnerability before we’ve had a reasonable opportunity to fix it
  • Only interact with accounts you own or have explicit permission to test
  • Stop testing and report immediately if you accidentally access someone else’s data

Safe Harbor

Breachsense won’t pursue legal action against researchers who discover and report vulnerabilities in good faith, following this policy. We consider security research conducted in line with this policy to be authorized and won’t treat it as a violation of our Terms of Service.

If at any point you’re uncertain whether your research is consistent with this policy, contact us at security@breachsense.com before proceeding.

Recognition

We appreciate the contributions of security researchers. With your permission, we’re happy to publicly acknowledge your work once the vulnerability has been resolved.

If you’d prefer to remain anonymous, we’ll respect that.

Contact

For all security vulnerability reports: security@breachsense.com

For general inquiries, see our Security and Data Handling page or contact us.

©2026 Breachsense - All Rights Reserved