Responsible Disclosure

1. Do not access, modify, or delete any user data.

Testing should be conducted only to confirm the existence of a vulnerability without exploiting it further.

2. Do not use automated scanners or denial-of-service tools.

Please avoid actions that could degrade system performance or impact user experience.

3. Do not attempt to access non-public data or systems unrelated to your testing scope.

4. Do not publicly disclose any information about a discovered issue until we have confirmed and resolved it.

5. Do not perform social-engineering, phishing, or spam activities against our staff, partners, or users.

6. Report only vulnerabilities relevant to our domain — systems operated under usreversephonelookups.com.

Third-party integrations, analytics tools, or ad networks are out of scope.

Include in your report:

• A clear description of the issue.
• Steps to reproduce the vulnerability.
• The affected endpoint or page.
• Any supporting evidence (screenshots, headers, logs).

Please avoid sending sensitive personal data in your report.

• We will acknowledge your report within two business days.
• We will investigate and keep you informed throughout the process.
• Once the issue is resolved, we may credit your contribution on our acknowledgments page (if applicable).
• We will not take legal action against individuals who act in good faith and comply with this policy.

• Cosmetic issues (typos, broken links, UI inconsistencies).
• Missing security headers without a demonstrated impact.
• Vulnerabilities in third-party services, hosting providers, or analytics platforms.
• Reports generated by automated scanners without a valid exploit scenario.