What to report
Report suspected vulnerabilities that could affect user accounts, private data, listings, messages, uploads, payments, admin access, agent/API actions, or infrastructure boundaries.
- Authentication, authorization, session, account takeover, or access-control issues.
- Private data exposure, secret exposure, unsafe direct object access, or broken deletion/privacy behavior.
- Upload, media, payment, webhook, agent/API, or admin-panel weaknesses that could create unauthorized access or side effects.
Responsible testing limits
Do not disrupt Limowo, access data that is not yours, run destructive tests, attempt social engineering, spam users, bypass rate limits at scale, or test live payment behavior without explicit written permission.
How to report
Send a concise report to support@limowo.com with affected URL or endpoint, steps to reproduce, expected and observed behavior, potential impact, and safe screenshots or request IDs if useful. Do not include passwords, tokens, full payment data, or sensitive identity documents in email.
Response expectations
Limowo should acknowledge security reports, triage severity, preserve safe evidence, fix or mitigate verified issues, and communicate status. Final response times, escalation contacts, and disclosure policy remain operations launch gates.
No public bounty claim
This security contact route is not a public bug bounty program and does not promise rewards, legal safe-harbor language, or public acknowledgements. Those terms require formal legal and operations review before publication.