Security Policy

Responsible disclosure guidance.
For reporting suspected security vulnerabilities affecting Kate Keeps It Klean websites or related online systems.

Last Updated: April 29, 2026
security.txt PGP Public Key Report an Issue
Please report suspected vulnerabilities privately before any public disclosure.
Sensitive details may be encrypted with our public PGP key.
Responsible disclosure accepted

Security Contact

Send suspected security issues to: help@katekeepsitklean.com

PGP Key Download the public key for encrypted messages.
Security.txt View the machine-readable contact file.
No Bug Bounty Reports are appreciated, but we do not currently offer paid rewards.

What to Include

To help us review and fix the issue, please include as much detail as reasonably possible:

  • A clear description of the suspected vulnerability.
  • The affected URL, page, form, endpoint, or account area.
  • Steps to reproduce the issue.
  • Browser, device, and operating system details if relevant.
  • Screenshots, logs, or proof-of-concept details, if safe to share.
  • Your preferred contact information for follow-up.

Security.txt

The canonical security contact file is available here:

https://katekeepsitklean.com/.well-known/security.txt

Responsible Disclosure

If you believe you have found a security vulnerability affecting Kate Keeps It Klean, please report it privately so we can investigate and address it appropriately.

Authorized Testing Scope

Good-faith testing is limited to public Kate Keeps It Klean web properties and client-facing systems that are clearly owned or operated by Kate Keeps It Klean.

Testing must not disrupt service, access data that does not belong to you, degrade performance, bypass authentication, or interfere with other users.

Out of Scope

The following activities are not permitted:

  • Denial-of-service testing, load testing, or traffic flooding.
  • Social engineering, phishing, impersonation, or deceptive contact.
  • Physical attacks or attempted access to property, devices, offices, or personal locations.
  • Spam, credential stuffing, brute-force login attempts, or password spraying.
  • Malware, ransomware, destructive payloads, or persistence mechanisms.
  • Accessing, copying, modifying, deleting, or exposing data that is not yours.
  • Testing third-party services not controlled by Kate Keeps It Klean.

Safe Harbor

We will not pursue legal action against researchers who act in good faith, follow this policy, avoid privacy violations, avoid service disruption, and report suspected vulnerabilities promptly without public disclosure before we have had a reasonable opportunity to investigate and remediate the issue.

Disclosure Expectations

Please do not publicly disclose a suspected vulnerability until we have reviewed the report and had a reasonable opportunity to resolve the issue. We will make a good-faith effort to acknowledge legitimate reports and coordinate next steps.

No Bug Bounty Program

Kate Keeps It Klean does not currently operate a paid bug bounty program. Submission of a report does not create an obligation for payment, reward, employment, or public acknowledgment.