Security Policy

Last updated: May 2026

If you discover a security vulnerability in Stanza, please report it responsibly. We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to investigate and address it.

Reporting a Vulnerability

Send your report to security@stanza.ink. Please include a description of the vulnerability, steps to reproduce, potential impact, and any proof-of-concept code if applicable.

What to Expect

  • Acknowledgement of your report within 3 business days.
  • A status update within 10 business days with our initial assessment.
  • Notification when the vulnerability has been resolved.

Scope

The following are in scope for responsible disclosure:

  • stanza.ink - web application
  • api.stanza.ink - REST API
  • Stanza iOS and Android apps

Out of scope: third-party services (Supabase, Cloudflare, Railway, Vercel), social engineering attacks, and physical security.

Our Commitments

  • We will not pursue legal action against researchers acting in good faith.
  • We will credit researchers in our release notes if they wish to be named.
  • We will not share your personal information without your consent.

Preferred Languages

English