Responsible Disclosure
We take the security of our systems seriously and appreciate responsible disclosure of potential security issues.
Reporting a vulnerability
If you believe you've identified a security vulnerability, please report it to:
When possible, include:
- A description of the issue
- The affected URL, service, or component
- Steps to reproduce the issue
- Any relevant proof-of-concept or screenshots
Reports without sufficient technical detail may not receive a response.
Good-faith testing
We ask that you:
- Act in good faith and avoid privacy violations
- Do not disrupt our services (e.g. denial-of-service attacks)
- Do not access or modify user data beyond what is necessary to demonstrate the issue
We will not pursue legal action against individuals who report vulnerabilities in good faith and make a reasonable effort to follow these guidelines.
Rewards
We do not currently operate a public bug bounty program and do not guarantee compensation for reports.
Thank you for helping keep World Labs and our users safe.