Security

Last updated: July 2026

This page explains how to report a security problem on servercake.in, and what to expect from us if you do. It is separate from our Privacy Notice, which covers how we handle your personal data.

Report a vulnerability

Email[email protected]
Response timeWithin 3 business days
Scopeservercake.in and its subdomains
Safe harborGood-faith research won't be treated as an attack

What's in scope

servercake.in and any of its subdomains. If you're not sure whether something is in scope, email us first and we'll tell you before you spend time on it.

What's out of scope

Denial-of-service testing, spam, or social engineering aimed at our team; automated scanning that generates significant traffic (email us first so we don't mistake it for an attack); and physical access attempts.

What we ask of you

Give us a reasonable amount of time to fix an issue before any public disclosure. Don't access, modify or delete data that isn't yours beyond what's needed to demonstrate the issue. Send one clear report per issue, with the steps to reproduce it.

What you can expect from us

An acknowledgment within 3 business days, honest updates while we investigate and fix the issue, and credit in our thanks list below if you'd like it. We won't pursue legal action against anyone who reports a genuine issue in good faith and follows the guidance on this page.

Thanks

Researchers who've helped us responsibly will be credited here.

Machine-readable version

Following RFC 9116, the same contact details are also published at /.well-known/security.txt.