Last updated: January 1, 2026

Our Commitment

Elfster is committed to keeping our platform secure for our users. We welcome reports from security researchers who discover potential vulnerabilities in our products or services.

Scope

This policy applies to the following Elfster properties:

  • www.elfster.com and all subdomains
  • The Elfster iOS and Android mobile applications
  • Elfster APIs

How to Report a Vulnerability

If you believe you have found a security vulnerability in any Elfster product, please report it to us by emailing security@elfster.com.

Your report should include:

  • A description of the vulnerability and its potential impact
  • Step-by-step instructions to reproduce the issue
  • Any relevant screenshots, proof-of-concept code, or supporting materials

What to Expect

After submitting a report, you can expect:

  • An acknowledgment of your report within 3 business days
  • Regular updates on the status of the investigation
  • Notification when the vulnerability has been resolved
  • Credit in our Vulnerability Hall of Fame (with your permission)

Safe Harbor

Elfster will not pursue legal action against researchers who discover and responsibly disclose vulnerabilities in accordance with this policy. We ask that you:

  • Make a good faith effort to avoid privacy violations and disruption to our services
  • Only interact with accounts you own or have explicit permission to test
  • Do not access, modify, or delete user data
  • Report vulnerabilities promptly and give us reasonable time to respond before any public disclosure

Out of Scope

The following are outside the scope of this policy:

  • Denial of service attacks
  • Social engineering or phishing attacks against Elfster employees
  • Physical security issues
  • Vulnerabilities in third-party services or libraries that are not specific to our implementation