What to report
- Security vulnerabilities — a bug that could expose data, break tenant isolation, or let someone tamper with the audit chain.
- Abuse of the service — accounts using Foxy Audit for illegal activity, attacks on the platform, spam, or to deceive third parties.
- Data concerns — if you believe your data, or someone else's, is being handled improperly.
How to reach us
Email foxyaudit@gmail.com with Abuse or Security in the subject. Please include:
- A clear description of the issue and its impact.
- Steps to reproduce, or the account/URL involved.
- Any logs, screenshots, or proof-of-concept — but do not include others' personal data beyond what's needed to explain the issue.
- How we can contact you for follow-up.
Responsible disclosure — our commitment
If you research in good faith and follow this policy, we will not pursue legal action against you. In return, please:
- Give us reasonable time to investigate and fix before disclosing publicly.
- Only access the minimum data needed to demonstrate the issue — never view, modify, or exfiltrate other users' data.
- Avoid privacy violations, service degradation, denial-of-service, and any destruction of data.
- Do not run automated scanners against production without prior arrangement.
What happens next
We aim to acknowledge reports quickly, keep you updated as we investigate, and fix confirmed issues as fast as we responsibly can. For confirmed vulnerabilities, we're glad to credit reporters who want recognition.