Hack Tech

:: YOUR SOURCE FOR CYBER INTELLIGENCE ::

Vulnerability Disclosure Program

We invite good-faith security research that helps us protect the founders, operators, and customers who rely on Hack Tech. This page outlines what is in scope, how to report responsibly, and the protections we extend to researchers who follow the rules below.

Scope of Testing

In Scope

  • hacktech.app and *.hacktech.app production domains
  • Cloudflare Pages and Workers surfaces serving our customer portal
  • APIs documented at https://api.hacktech.app/v1
  • Latest mobile builds distributed through our official TestFlight channel

Out of Scope

  • Third-party vendors, including payment and identity providers
  • Physical or social engineering attacks against Hack Tech staff or customers
  • Denial-of-service, stress, or load testing that impacts availability
  • Automated scanning that generates excessive traffic or spam

Do / Do Not

Do

  • Respect privacy; stop testing and report immediately if you access customer data.
  • Limit testing to accounts you own or have explicit permission to use.
  • Provide detailed reproduction steps, proof-of-concept payloads, and impact analysis.
  • Allow a reasonable remediation window before discussing findings publicly.

Do Not

  • Exfiltrate, manipulate, or destroy data encountered during testing.
  • Exploit issues for financial gain or pivot into customer environments.
  • Share vulnerabilities with third parties without our written consent.
  • Use automated tools that degrade service quality for legitimate users.

Legal Safe Harbor

Hack Tech will not pursue civil or criminal action, nor will we submit complaints to law enforcement, against researchers who engage in good-faith testing, adhere to the guidelines on this page, and report vulnerabilities promptly. Good faith means accessing only what is necessary to demonstrate a vulnerability, avoiding privacy violations, and providing us with a reasonable amount of time to remediate before any disclosure.

If legal action is initiated by a third party against you and you have complied with this policy, we will make it clear that your actions were authorized and in line with industry-standard coordinated disclosure practices.

Reporting & PGP Contact

Send us your findings using encrypted email whenever possible. Include all relevant request logs, screenshots, exploit chains, and mitigation ideas so our engineers can validate quickly.

  • Primary email: security@hacktech.app
  • Subject line: [Hack Tech Disclosure] <Brief summary>
  • PGP fingerprint: 1F3A C4D2 9B68 7A20 45C9 0E3F A7B1 6C4D 9E12 5F8B

PGP Public Key Block
