Website security approach
The public website uses HTTPS, restricted configuration files, server-side form validation, request-size limits, origin checks, rate limiting, anti-spam verification and security headers where supported. Configuration secrets must remain outside public files.
How to report an issue
Email [email protected] with the subject “Security disclosure”. Include the affected URL, steps to reproduce, observed impact and a safe proof of concept. Encrypt sensitive details or request a secure exchange method before sending secrets.
Safe testing boundaries
- Do not access, alter, download or delete another person’s data.
- Do not use denial-of-service, spam, social engineering, credential attacks or destructive payloads.
- Do not test client systems, third-party providers or infrastructure outside kailvex.com without written permission.
- Stop testing and report immediately if personal data or production secrets become visible.
Response and remediation
Kailvex will review good-faith reports and may request clarification. Remediation priority depends on reproducibility, impact, affected systems and third-party dependencies. No bounty, payment, public credit or specific resolution time is promised unless agreed in writing.
Coordinated disclosure
Do not publicly disclose an unresolved issue or share data obtained during testing. A publication timeline, if appropriate, should be agreed after the issue is verified and a reasonable remediation opportunity is provided.
No security guarantee
Security controls reduce risk but do not make any internet service completely secure. This page is a reporting process, not a certification, warranty or invitation to perform testing outside the stated boundaries.