Please disclose security vulnerabilities responsively. E-Mail us (support (at) yamka.app
) with regards to any vulnerabilities. You should expect a response within 48 hours. If we do not reply within a week, feel free to disclose your findings publicly, though you shall demonstrate them in a way that does not violate the Terms of Service. For example, a vulnerability that allows to gain unauthorized access to another user account shall be demonstrated on one you own.
We will receive your report and do our best to mitigate the vulnerability. Feel free to disclose it on your own two weeks after the patch has been released as a part of a new client version if it's client-related, or immediately after us informing you if it's backend-related. Thank you.