Report a vulnerability
We welcome reports from security researchers and treat them seriously.
How to report
Email security@schemaforce.com with a description of the issue, the steps to reproduce it, and its potential impact. Please give us a reasonable time to investigate and remediate before any public disclosure. We’ll acknowledge your report and keep you updated on our progress.
Scope
Our production application (schemaforce.com and its subdomains) is in scope. Please do not access, modify, or delete other users’ data, degrade the service, or run automated scans that generate significant load. Test only against accounts you own.
Safe harbor
We will not pursue legal action for good-faith security research that respects this policy and the scope above. If you’re unsure whether an action is permitted, ask us first.
Machine-readable version: /.well-known/security.txt