Security
Report a vulnerability
We appreciate responsible disclosure. Please follow the rules below to keep users and infrastructure safe.
How to report
Email: security@howzer.ai
Please include a clear description, steps to reproduce, and any proof-of-concept code or screenshots.
We aim to acknowledge within 3 business days.
Scope
Marketing website (howzer.ai) and public assets. Product environments are self-hosted by customers and not in scope unless expressly authorized in writing.
- Allowed: non-destructive testing of the public website; disclosure of misconfigurations, XSS, broken links, security header issues.
- Not allowed: data exfiltration, DoS, spam, social engineering, brute force, or affecting customer self-hosted environments without authorization.
Safe-harbor commitment
If you make a good-faith effort to comply with this policy, we will not pursue legal action for security research activity that could otherwise be considered unauthorized access under applicable laws. Do not access, modify, or destroy data that is not yours. Cease testing and notify us immediately upon discovering a potential risk to users or data.
We do not operate a public bug bounty program at this time.