๐Ÿ›ก๏ธ

Responsible Disclosure Program

For security researchers who've found a vulnerability in Share The Aloha.

Share The Aloha is committed to ensuring the security of our service and our users' information. We encourage security researchers to contact us to report any potential weaknesses identified in our product, system, or any asset belonging to Share The Aloha.

This program is not a public bug-bounty program. We make no offers of reward or compensation for submitting potential issues. We genuinely appreciate your commitment to improving the security of our service and we will acknowledge your contribution publicly (with your permission) where appropriate.

Guidelines

Security researchers will disclose potential weaknesses in compliance with the following guidelines.

Please DO

Please DON'T

Out-of-scope issues

The following are explicitly outside the scope of this program. We may decline to investigate reports limited to these categories.

How to submit a report

Send your report to security@sharethealoha.com.

Please include:

We aim to acknowledge receipt within 5 business days and to provide an initial assessment within 14 business days. For high-severity issues we will respond as quickly as we can.

Safe harbor

We will not pursue legal action against security researchers who:

Share The Aloha reserves its legal rights in the event of non-compliance with these guidelines. If in doubt about whether a planned test crosses a line, contact us first at security@sharethealoha.com and we'll work with you.

Recognition

With your permission, we'll acknowledge researchers who responsibly disclose verified vulnerabilities on a thank-you page once we've built it. We will never publish your information without your consent.

If you have a different concern

Last updated: May 30, 2026. We will update this page as the program evolves.