policies

Responsible Disclosure

How to report security issues affecting Aerod, its apps, redirect system, or website infrastructure.

Reporting security issues

If you believe you have found a security issue affecting Aerod, its apps, website, affiliate redirect system, or deployment configuration, report it to:

security@aerod.net

Include enough detail to reproduce and understand the issue.

What to include

A useful report usually includes:

  • Affected URL or route.
  • Steps to reproduce.
  • Expected behavior and actual behavior.
  • Browser, device, or network context if relevant.
  • Screenshots or proof-of-concept details that avoid harming users.

Testing boundaries

Do not access, modify, delete, or exfiltrate data that does not belong to you. Do not degrade service, run denial-of-service testing, attempt social engineering, or test third-party providers linked from Aerod without their permission.

Response expectations

Aerod should acknowledge valid reports, investigate in good faith, and correct issues based on severity and practical impact.

This policy does not create a bug bounty program unless Aerod publishes one separately.