Effective Date: November 18, 2025
Last Updated: May 26, 2026
This Security Policy explains how to report security issues and what testing is prohibited.
1. Reporting Vulnerabilities
If you believe you have discovered a security vulnerability in ProofLookup, contact [email protected] with the subject line “Security Vulnerability Report.” Include a description, steps to reproduce, affected URL or feature, screenshots or proof of concept if safe, and whether you believe the issue is actively exploited.
2. Responsible Disclosure
We ask researchers to report vulnerabilities promptly, avoid accessing or modifying user data, avoid disrupting the Service, avoid testing against other users’ accounts or records, and give us reasonable time to investigate before public disclosure.
3. Prohibited Testing
You must not perform DDoS, stress, load, or destructive testing; spam, phishing, malware, or social engineering tests; credential stuffing, brute force attacks, or account takeover attempts; attempts to access other users’ accounts, records, files, or private data; attempts to bypass payment, access, lookup, upload, or rate limits; or testing that degrades, disrupts, damages, or compromises the Service.
4. No Bug Bounty Unless Stated
We do not offer a paid bug bounty program unless explicitly stated in writing. Submitting a report does not guarantee payment, reward, public credit, or response.
5. Security Enforcement
We may suspend accounts, block IP addresses, disable records, restrict access, or take other action if we believe activity threatens the security, integrity, reliability, or availability of the Service.
Questions about this page may be sent to [email protected].