Security Policy

Reporting Security Vulnerabilities

We take the security of PanelRP seriously. If you believe you have found a security vulnerability, please report it to us as described below.

How to Report

Please report security vulnerabilities by emailing contact+security@panelrp.com.

Please include the following information in your report:

- Type of vulnerability (e.g., XSS, SQL injection, authentication bypass)

- Affected component (e.g., API endpoint, web page, admin panel)

- Steps to reproduce the vulnerability

- Potential impact of the vulnerability

- Suggested fix (if you have one)

What to Expect

- Acknowledgment: We will acknowledge receipt of your report within 48 hours

- Initial Assessment: We will provide an initial assessment within 7 days

- Updates: We will keep you informed of our progress

- Resolution: We aim to resolve critical vulnerabilities within 30 days

Responsible Disclosure

We follow responsible disclosure practices:

- Do not publicly disclose the vulnerability until we have addressed it

- Do not access or modify data that does not belong to you

- Do not perform any actions that could harm our users or services

- Do not use automated scanning tools that could impact our services

Scope

In Scope

- PanelRP web application (dev.panelrp.com and production domains)

- API endpoints

- Authentication and authorization mechanisms

- Data storage and processing

- Third-party integrations

Out of Scope

- Social engineering attacks

- Physical security issues

- Denial of Service (DoS) attacks

- Issues requiring physical access to devices

- Issues in third-party services we use (please report directly to them)

Recognition

We appreciate responsible disclosure and will acknowledge security researchers who help us improve our security. See our Security Acknowledgments page for researchers we've recognized.

Questions

If you have questions about this policy, please contact us at contact+security@panelrp.com.

---

Last Updated: January 2026