Security & Responsible Disclosure
AllergenMaps takes security seriously. If you discover a vulnerability in our platform, we want to hear from you — safely and privately.
How to Report a Vulnerability
Send a detailed report to security@allergenmaps.com. Please include:
- A description of the vulnerability and the affected component
- Clear steps to reproduce the issue
- The potential impact or severity you believe it carries
- Your contact information (optional — anonymous reports are accepted)
Our Commitment to You
- We will acknowledge receipt of your report within 24 hours
- We will provide a timeline for investigation within 5 business days
- We will notify you when the issue has been resolved
- We will credit you publicly (with your permission) in our security acknowledgements once the fix is deployed
- We will not pursue legal action against researchers who follow this policy in good faith
Ground Rules
To protect users and ensure responsible handling, please:
- Do not publicly disclose a vulnerability before we have had a reasonable opportunity to address it
- Do not access, modify, exfiltrate, or delete data belonging to other users
- Do not perform denial-of-service attacks or disrupt service availability
- Do not engage in social engineering, phishing, or physical security attacks
Scope
In scope
- allergenmaps.com web application
- AllergenMaps REST API
- Authentication and authorization systems
Out of scope
- Third-party services (Vercel, Supabase, Sentry)
- Social engineering or physical attacks
- Automated scanning without prior coordination
Security reports: security@allergenmaps.com