Vulnerability Disclosure Policy
Last updated: July 2026 (v23.0)
We welcome reports from security researchers acting in good faith. If you believe you have found a vulnerability in Swiip or our websites: email [email protected] with enough detail to reproduce the issue; do not access, modify or exfiltrate data belonging to others, degrade the service, or use social engineering; give us a reasonable period (at least 90 days) to remediate before any public disclosure. We will acknowledge within 5 working days, keep you informed, and will not pursue legal action against good-faith research conducted within this policy. We do not currently operate a paid bug bounty. A machine-readable version of this policy is published at /.well-known/security.txt.