Security Policy

Reporting a Vulnerability

If you believe you have found a security vulnerability in FounderSold, please report it responsibly by emailing foundersold@gmail.com. We will acknowledge your report within 72 hours and aim to resolve confirmed issues within 30 days.

Please do not publicly disclose the vulnerability until we have had a chance to address it.

Scope

• foundersold.com and all its subdomains
• The FounderSold API (api.foundersold.com)

Out of scope: Vercel preview deployment URLs, third-party services (Supabase, Stripe, Upstash), and social media accounts.

What We Ask

• Give us reasonable time to fix the issue before public disclosure
• Do not access or modify data belonging to other users
• Do not perform denial-of-service attacks
• Do not use automated scanners against production without prior approval

Safe Harbor

We consider security research conducted under this policy as authorized. We will not pursue legal action against researchers who discover and report vulnerabilities responsibly and in good faith, following the guidelines above.