Vulnerability disclosure

If you believe you have found a security issue in Auvra Labs, we want to hear about it and we will treat your report seriously.

Email security@auvralabs.com with what you found, the steps to reproduce it, and any affected URLs or accounts. We will acknowledge your report within three business days.

Please do not access data that is not yours, degrade the service for others, or run automated scanners against production. Test accounts are available on request for good-faith research.

We do not run a paid bounty program today. We will credit reporters who want credit once a fix ships, and we will not pursue good-faith research conducted within these guidelines.