Security

Responsible disclosure

Found something that looks like a vulnerability in this site or in software built by Aleluya Technologies? Reports go to security@aleluyatechnologies.com. We acknowledge every report.

How to report

Email security@aleluyatechnologies.com. Include reproduction steps, the affected asset, and a timeline if you plan to publish.

We acknowledge reports within 72 hours and triage within five business days.

Scope

In scope:

aleluyatechnologies.com and its subdomains
Software we've built and that credits Aleluya Technologies in its codebase or footer, with the client's authorization

Out of scope: third-party services we use, denial of service, social engineering against us or our clients, and physical attacks.

Safe harbor

We will not pursue legal action against researchers who act in good faith, stay within the scope above, avoid privacy violations, do not exfiltrate data beyond what's needed to demonstrate the issue, and give us reasonable time to remediate before public disclosure.

Acknowledgments

No reports yet. Researchers who follow responsible disclosure will be listed here with their permission.