Security: TopTierTools/issues

SECURITY.md

Security

Contact: [email protected]

Based on https://supabase.com/.well-known/security.txt

At TopTierTools, we prioritize the security of our systems and the protection of our customers' data. Despite our best efforts to maintain a secure environment, vulnerabilities may still exist.

If you discover a vulnerability, we greatly appreciate your effort to report it responsibly. Your assistance helps us improve the security and reliability of our systems.

Out of Scope Vulnerabilities

While we value all contributions, the following issues are considered out of scope for our vulnerability reporting program:

  • Clickjacking on pages with no sensitive actions.
  • Unauthenticated/logout/login CSRF.
  • Attacks requiring MITM or physical access to a user's device.
  • Activities resulting in the disruption of our services (e.g., DoS).
  • Content spoofing and text injection without a demonstrable attack vector or HTML/CSS modification.
  • Email spoofing.
  • Missing DNSSEC or CAA records, or missing CSP headers.
  • Lack of the Secure or HttpOnly flag on non-sensitive cookies.
  • Dead links.

Reporting Guidelines

We request that you follow these guidelines when reporting vulnerabilities:

  1. Contact Us: Send your findings to [email protected].
  2. Avoid Automated Scanners: Do not run automated scanners on our infrastructure without prior approval. If needed, we can set up a sandbox for testing.
  3. Respect Data Privacy:
    • Do not exploit the vulnerability to access, modify, or delete others' data.
    • Only demonstrate the vulnerability without causing harm.
  4. Confidentiality: Do not disclose the issue to others until it is resolved.
  5. Prohibited Methods: Refrain from physical security attacks, social engineering, DDoS, spam, or targeting third-party applications.
  6. Provide Detailed Information:
    • Include sufficient details to reproduce the issue.
    • Share relevant URLs, IP addresses, and descriptions of the vulnerability. Complex cases may require additional explanation.

Our Commitments

If you adhere to the guidelines above, we make the following commitments:

  • Prompt Response: We will acknowledge your report within 3 business days and provide an expected resolution timeline.
  • No Legal Action: We will not pursue legal action against you for responsibly reporting vulnerabilities.
  • Confidentiality: Your personal details will be handled with strict confidentiality and not shared without your consent.
  • Transparency: We will keep you updated on our progress toward resolving the issue.
  • Recognition: With your permission, we will publicly acknowledge your contribution in our disclosure.

We strive to address vulnerabilities swiftly and work with you to responsibly publish information about resolved issues.

Thank you for helping us make TopTierTools more secure!
