1. Introduction
We take security seriously. If you believe you’ve found a security vulnerability in Raqib, we encourage you to report it responsibly so we can address it quickly.
2. How to Report
Send an email to support@raqib.ai with:
- Description of the issue
- Reproduction steps (if applicable)
- Impact and any suggested fixes
- Contact details for follow-up
3. In Scope
We welcome reports on:
- Authentication or session flaws
- Privilege escalation
- Insecure data exposure
- Misconfigured headers or CORS
- Vulnerable third-party integrations
4. Out of Scope
We do not consider the following to be valid vulnerabilities:
- Self-XSS
- Lack of rate limiting on non-critical endpoints
- Spam or social engineering vectors
- Missing security headers with no exploitability
5. Rules of Engagement
- Do not access or modify data you don’t own
- Do not disrupt production services
- Do not use automated scanning tools
- Do not publicly disclose before we confirm and resolve the issue
6. Recognition
We currently do not offer a bug bounty, but we do acknowledge and thank ethical researchers.