Security & responsible disclosure
We take the security and privacy of Cloudkart.ai seriously. If you believe you have found a vulnerability, we would like to hear from you and will work with you to resolve it quickly.
Reporting a vulnerability
Email security@cloudkart.ai with a description of the issue, the steps to reproduce it, and its potential impact. Please give us a reasonable window to investigate and fix before any public disclosure. Our machine-readable contact is published at /.well-known/security.txt.
Scope
In scope: the cloudkart.ai web application and its public APIs. Out of scope: denial-of-service testing, social engineering, physical attacks, automated scanner noise without demonstrated impact, and any testing that degrades the service for other users or accesses data that is not yours.
Safe harbor
We will not pursue action against researchers who act in good faith, stay within this scope, avoid privacy violations and service disruption, and give us a chance to remediate before disclosing.
Analytics & your data
Analytics stay off until you accept the consent banner — we do not load Google Analytics or set analytics cookies before then. We do not run ads and we do not sell your data. Tool logos are proxied through our own server, so your browsing is not shared with third parties on every page view.