Vulnerability Disclosure Policy

We take security seriously. If you believe you have discovered a vulnerability in ReRao, we encourage you to report it to us responsibly.

How to report

Send vulnerability reports to security@rerao.io. Please include sufficient detail to reproduce the issue and allow us to address it promptly.

What we ask

• Provide detailed steps to reproduce the vulnerability.
• Do not access, modify, or delete data belonging to others.
• Do not degrade our services or systems.
• Allow us reasonable time to address the issue before public disclosure.

What you can expect

• Acknowledgment of your report within 2 business days.
• Transparency about our assessment and remediation timeline.
• Credit in any public disclosure, if desired.