Responsible disclosure

Security

We take the security of Everyday Tracker seriously. If you discover a vulnerability, please report it responsibly so we can investigate and resolve it promptly.

Security reports can be sent to our security contact. We ask that you do not publicly disclose vulnerabilities before they are fixed.

Contact: [email protected]

Report a Security Issue

Reporting a Vulnerability

If you believe you have found a security issue affecting Everyday Tracker, please email us with the details. We review every report and will respond as quickly as we can.

Please do not publicly disclose vulnerabilities before they are fixed. Coordinated disclosure helps protect all users while we work on a remedy.

Scope

Everyday Tracker web application (everyday-tracker.com and associated subdomains)
Authenticated and public API endpoints operated by Everyday Tracker
Account authentication, authorization, and data access controls
Payment and subscription flows integrated with our service

Out-of-scope items include third-party services we do not operate, social engineering attacks, and denial-of-service tests against production infrastructure.

What to Include in Your Report

A clear description of the vulnerability and its potential impact
Steps to reproduce the issue, including URLs, request details, or account types affected
Screenshots or videos if available to help us understand the issue faster
Browser, device, and environment details (OS, app version, network context)
Your preferred contact information if you would like follow-up

We appreciate responsible disclosure and will investigate all legitimate security reports.