Responsible disclosure

Security

Send security reports for Afterchorus.com to hello@afterchorus.com. Include the affected URL, a short reproduction path, expected impact, and any evidence needed to verify the issue.

Scope

The current public scope is Afterchorus.com and its email signup, confirmation, unsubscribe, webhook, health, and first-party event endpoints.

Out of bounds

Do not run destructive testing, social engineering, spam, denial of service, automated high-volume scanning, or attempts to access data that is not your own. Reports that rely on those methods may not be actionable.

Safe harbor

Good-faith reports that stay within this page and avoid privacy harm will be reviewed. Afterchorus does not currently operate a paid bug bounty program.