Security

Vulnerability Disclosure Policy

We take the security of our platform seriously. If you discover a vulnerability, we want to hear from you.

Last updated: June 2026

How to report a vulnerability

Please send your report by email to our dedicated security inbox. Include as much detail as possible to help us reproduce and assess the issue.

Security reports: legal@sitetals.com

A useful report typically includes:

  • A description of the vulnerability and its potential impact
  • The URL, endpoint, or component affected
  • Step-by-step instructions to reproduce the issue
  • Any supporting evidence (screenshots, request/response logs, proof-of-concept)

Scope

This policy applies to the following assets operated by Sitetals:

  • sitetals.com — the main website and free scan interface
  • api.sitetals.com — the public API

Out of scope:

  • Third-party services and infrastructure we do not control (hosting providers, payment processors, email delivery platforms)
  • Denial-of-service attacks or automated scanning beyond what is necessary to demonstrate a vulnerability
  • Social engineering of Sitetals staff
  • Physical security

What to expect from us

  • Acknowledgement — we will acknowledge receipt of your report within 5 business days
  • Assessment — we will assess the report and keep you informed of our progress
  • Remediation — we will work to address confirmed vulnerabilities as promptly as possible, prioritised by severity
  • Transparency — we will let you know when the issue has been resolved

We do not currently operate a bug bounty programme. We are, however, happy to acknowledge researchers who report valid vulnerabilities, if they wish to be credited.

Safe harbour

We will not take legal action against researchers who discover and report security vulnerabilities in good faith, provided that they:

  • Act in accordance with this policy
  • Do not access, modify, or delete data beyond what is strictly necessary to demonstrate the vulnerability
  • Do not disclose the vulnerability publicly before we have had a reasonable opportunity to address it
  • Do not conduct attacks that degrade the availability of our services
  • Do not use the vulnerability for any purpose other than demonstrating its existence to us

We ask that you give us a reasonable timeframe to resolve a reported issue before any public disclosure. We will work with you to agree on a coordinated disclosure date.

Coordinated disclosure

We follow a coordinated disclosure approach. We ask that you refrain from publishing details of a vulnerability until we have confirmed a fix is in place and agreed a disclosure date with you. We aim to resolve critical issues within 30 days and will communicate openly if this is not possible.

If you have not received an acknowledgement within 5 business days of your report, please follow up at legal@sitetals.com.