Responsible Disclosure

Last updated: 2025-03-26

At Oppflow, we take the security of our systems seriously and values the security community’s efforts to help keep our platform and users safe. We are committed to working with researchers who report vulnerabilities responsibly.

How to report

We encourage anyone to report security issues to [email protected].

Please include:

• Clear description of the vulnerability.
• Affected URL(s) or component(s).
• Detailed steps to reproduce (including PoC if possible).
• Potential impact assessment.

Rules of Engagement

• Act in good faith. Test only to find and report vulnerabilities.
• Respect user privacy at all times.
• Do Not: Disrupt services, access/modify/delete data you don’t own, perform DoS attacks, violate laws, or publicly disclose vulnerabilities before coordinating with us.

What is in scope?

In scope:

• *.oppflow.cloud

Out of scope:

• Third-party services such as general vulnerabilities in Supabase.
• Disruptive vulnerabilities:
  • Social engineering
  • Denial of service
  • Brute force attacks