Vulnerability Disclosure Policy

At KanAPI, we take the security of our systems and our users' data very seriously. We value the contributions of the security community and encourage responsible disclosure of vulnerabilities. This page outlines our vulnerability disclosure policy and provides guidelines for reporting potential security issues.

Reporting a Vulnerability

If you have identified a potential security vulnerability in our systems, please report it to us by emailing [email protected]. Include as much detail as possible in your report, including:

  • Description of the vulnerability and its potential impact
  • Steps to reproduce the vulnerability
  • Any proof-of-concept code
  • Your contact information


The following areas are in scope for vulnerability reporting:

  • Any other subdomains under

The following areas are out of scope for vulnerability reporting:

  • Third-party services and integrations
  • Social engineering attacks
  • Denial of Service (DoS) attacks

Our Commitment

When you report a vulnerability to us, we commit to:

  • Acknowledge your report within 3 business days
  • Provide an estimated timeline for addressing the vulnerability
  • Notify you when the vulnerability has been resolved
  • Offer public recognition for your contributions, if you wish

Legal Safe Harbor

We will not take legal action against researchers who follow this policy and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services. If legal action is initiated by a third party against you for activities that were conducted in accordance with this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Changes to This Policy

We may update this policy from time to time. We encourage you to review this page periodically for any changes. Your continued use of our services after the posting of changes constitutes your acceptance of such changes.

Thank you for helping us keep KanAPI and our users safe!