Skip to main content

Security Policy & Vulnerability Disclosure

Last updated: June 22, 2026

We take the security of UnchartedCareer and our users' data seriously. We welcome reports from security researchers and the public, and we are committed to working with you to verify and resolve issues quickly. This policy explains how to report a vulnerability and what you can expect from us.

Reporting a vulnerability

Email support@unchartededge.com with the subject line "Security". Please include enough detail to reproduce the issue: the affected URL or endpoint, a description of the vulnerability and its impact, and step-by-step reproduction (proof-of-concept, screenshots, or request/response samples are helpful). This contact and our machine-readable policy are also published at /.well-known/security.txt.

What to expect

  • We aim to acknowledge your report within 5 business days.
  • We will keep you informed as we investigate and work toward a fix.
  • We practice coordinated disclosure and ask that you give us reasonable time to remediate before any public disclosure.
  • With your permission, we are happy to credit you once the issue is resolved.

Safe harbor

We will not pursue legal action against researchers who, in good faith, discover and report vulnerabilities in accordance with this policy: who avoid privacy violations and degradation of our services, who do not access or modify data beyond what is necessary to demonstrate the issue, and who give us a reasonable opportunity to remediate before disclosure.

Out of scope

The following are generally not eligible: volumetric / denial-of-service testing, social engineering or phishing of our staff or users, physical attacks, reports from automated scanners without a demonstrated, exploitable impact, and issues in third-party services we do not control. Please do not run intrusive or automated testing against production systems.