Security and Responsible Disclosure
How to report Edgaze security issues and the boundaries for good-faith vulnerability reporting.
Overview#
This policy explains how to report security issues affecting Edgaze and the boundaries for good-faith vulnerability research.
It does not authorize unapproved testing, scanning, or access to accounts or data without permission.
Reporting Security Issues#
What to include#
If you believe you have found a vulnerability affecting Edgaze, report it to `[email protected]`. Include a clear description, affected URL or feature, steps to reproduce, impact, screenshots or logs where useful, and your contact information.
Good-Faith Research#
Good-faith reporting means you:
- Avoid accessing, modifying, deleting, or exfiltrating data that is not yours.
- Avoid disrupting service, degrading performance, or triggering excessive automated traffic.
- Stop testing once you have enough information to demonstrate the issue.
- Keep the issue confidential while Edgaze investigates.
- Do not use the issue for fraud, extortion, competitive harm, spam, account takeover, or data extraction.
No Authorization for Unapproved Testing#
Prohibited testing#
This policy does not authorize penetration testing, automated scanning, social engineering, physical attacks, denial-of-service testing, credential attacks, rate-limit bypassing, payment abuse, or access to accounts/data without permission.
Policy and legal limits#
Testing that violates law, the Acceptable Use Policy, or third-party terms is not authorized by this policy.
Scope#
In-scope surfaces#
Reports may relate to Edgaze web surfaces, APIs, auth flows, checkout flows, creator dashboards, hosted workflow execution, public docs, or platform-controlled infrastructure.
Third-party services#
Third-party services such as Stripe, Supabase, Vercel, Cloudflare, OpenAI, Anthropic, Google, and external APIs have their own security programs and should be reported through their channels unless the issue is specifically in Edgaze's integration.
No Bounty Unless Announced#
Edgaze does not currently offer a public bug bounty, reward, compensation, swag, or guaranteed acknowledgment unless separately announced in writing.
What Edgaze May Do#
Edgaze may investigate, request more information, prioritize, remediate, decline, disclose, or take protective action. Reports do not create an obligation to fix within a specific timeline.
Contact#
Security reports: `[email protected]`
General support: `[email protected]`
Related Policies#
Related policies
Back to Legal & Trust CenterHow Edge Platforms, Inc. collects, uses, shares, stores, and protects information across Edgaze.
Rules governing permitted and prohibited use of Edgaze accounts, listings, workflows, prompts, automation, and hosted runs.
How Edgaze detects, reviews, and responds to payment abuse, marketplace manipulation, unsafe workflows, and platform misuse.