Security
Last updated: July 2026
This page explains how to report a security problem on servercake.in, and what to expect from us if you do. It is separate from our Privacy Notice, which covers how we handle your personal data.
Report a vulnerability
What's in scope
servercake.in and any of its subdomains. If you're not sure whether something is in scope, email us first and we'll tell you before you spend time on it.
What's out of scope
Denial-of-service testing, spam, or social engineering aimed at our team; automated scanning that generates significant traffic (email us first so we don't mistake it for an attack); and physical access attempts.
What we ask of you
Give us a reasonable amount of time to fix an issue before any public disclosure. Don't access, modify or delete data that isn't yours beyond what's needed to demonstrate the issue. Send one clear report per issue, with the steps to reproduce it.
What you can expect from us
An acknowledgment within 3 business days, honest updates while we investigate and fix the issue, and credit in our thanks list below if you'd like it. We won't pursue legal action against anyone who reports a genuine issue in good faith and follows the guidance on this page.
Thanks
Researchers who've helped us responsibly will be credited here.
Machine-readable version
Following RFC 9116, the same contact details are also published at /.well-known/security.txt.