Last updated: 2/4/2026

This page is for guidance only and is not legal advice.

How to report

Email us at disclosures@quicklanding.app with the subject "Vulnerability suspected".

Scope

• Quicklanding web apps, APIs, and infrastructure that we control.
• Assets on quicklanding.app and associated subdomains we own.

Out of scope

• Third-party services we do not control.
• Denial of service, spam, or automated scanning that degrades service.
• Social engineering, phishing, or physical attacks.

Rules of engagement

• Do not access, modify, or delete data that is not yours.
• Do not disrupt service availability or user experience.
• Stop testing once you confirm the issue and report it promptly.

What to include

• Clear description of the issue and its impact.
• Reproduction steps or a proof of concept.
• Affected URLs, endpoints, and account details used for testing.
• Logs, screenshots, or videos if available.

Response

We aim to acknowledge reports within 3 business days and will provide updates as we investigate. We may ask for additional details to help validate the report.