Security Disclosure Policy

Email security@mytasteshelf.com with a clear description, affected URL, reproduction steps, screenshots or proof of concept, and your contact information.

Do not access, modify, delete, exfiltrate, or disclose other users' data. Do not run destructive tests, social engineering, spam, physical attacks, denial-of-service, or automated high-volume scanning.

In scope: MyTasteShelf.com application logic, authentication flow, authorization, public-profile access controls, upload handling, and API routes. Third-party provider systems are out of scope.

We aim to acknowledge valid reports within seven days, triage based on severity, and keep reporters updated when practical. We do not currently offer a paid bug bounty.