Security Policy

Responsible disclosure and security reporting guidelines

Responsible Disclosure

We take the security of Mr. Popup seriously. If you discover a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

We are committed to working with security researchers to resolve security issues quickly and ensure the safety of our users and their data.

How to Report

Please report security vulnerabilities to:

Email: info@mrpopup.co

Please include:

  • Clear description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any proof-of-concept code or screenshots (if applicable)

Scope

We are interested in security vulnerabilities in the following areas:

  • Authentication issues
  • Authorization bypass
  • Data exposure
  • Billing-related vulnerabilities

Out of Scope

The following are not considered security vulnerabilities:

  • SPF / DKIM / DMARC configuration issues
  • Rate limiting suggestions
  • UI / UX bugs
  • Social engineering attempts
  • Denial of service (DoS) tests

Rewards

No monetary rewards at this time.

We appreciate your contribution to keeping Mr. Popup secure. While we cannot offer monetary compensation at this time, we will acknowledge security researchers who help us improve our security (with permission).

Disclosure Guidelines

When reporting a security vulnerability, please:

  • Provide clear reproduction steps
  • Do not request payment to disclose details
  • Do not threaten public disclosure
  • Do not publicly share details before we have time to fix

We will work with you to understand and resolve the issue quickly. We ask that you give us reasonable time to address the vulnerability before making any public disclosure.

Acknowledgments

We are grateful to security researchers who help us improve the security of Mr. Popup. With your permission, we would like to acknowledge your contribution on this page.

If you have reported a security vulnerability and would like to be acknowledged, please let us know when you submit your report.

Security.txt

Our security policy is also available in the standard security.txt format:

https://mrpopup.co/.well-known/security.txt

Contact

For security-related inquiries, please contact:

Mr. Popup Security Team

Email: info@mrpopup.co

Website: https://mrpopup.co