Vulnerability Disclosure Policy

WeReportYourRent policy

Last updated: July 5, 2026

Reporting a vulnerability

If you believe you discovered a security vulnerability, email support@wereportyourrent.com with the subject line "Security Report". If a dedicated security alias is later created, route these reports to security@wereportyourrent.com. Include affected URLs, steps to reproduce, screenshots, proof-of-concept details, and contact information.

Good-faith research

We will make reasonable efforts to review good-faith reports. Good-faith research must avoid privacy violations, service disruption, data destruction, extortion, social engineering, spam, phishing, malware, physical attacks, or accessing, changing, deleting, or exfiltrating data that does not belong to the researcher.

No permission for harmful testing

This policy does not authorize denial-of-service testing, credential stuffing, brute forcing, physical attacks, employee targeting, vendor targeting, social engineering, malware, data exfiltration, or testing on third-party systems such as Array, Stripe, Cloudflare, Twilio, Meta, Google, or credit bureaus.

No bounty

Unless we publish a separate written bounty program, WeReportYourRent does not promise payment, reward, employment, or recognition for reports.

Coordinated disclosure

Please allow a reasonable time for investigation and remediation before public disclosure. We may ask for confidentiality if disclosure would put users or systems at risk.

Contact

WeReportYourRent is operated by JD Network Consulting LLC, a Florida limited liability company.

All policies