We want to know what we missed.
If you discover a security issue in WhiskerMatch, we encourage you to report it responsibly. We will take it seriously, investigate promptly, and keep you informed.
Static site — reduced attack surface.
During early pilot onboarding, WhiskerMatch is a static marketing site. There are no API routes that receive visitor data, no server-side database, and no authentication endpoints. The attack surface is limited to the hosting layer (Vercel) and the site itself. The most relevant areas for research are content security policy, secure headers, and any unexpected client-side behavior.
In scope
whiskermatch.com and its subdomains. Secure header configuration, content security policy, client-side vulnerabilities, and any unexpected data exposure.
Out of scope
Third-party services (Vercel infrastructure, email providers) unless the vulnerability is specific to our configuration of those services.
Do no harm
Do not access, modify, or attempt to exfiltrate data that does not belong to you. Do not disrupt site availability.
Report promptly
Send findings to founders@veldarium.com with a clear description, steps to reproduce, and the potential impact. We aim to acknowledge within 5 business days.
Responsible research is welcome here.
We will not take legal action against security researchers who report vulnerabilities in good faith and follow the guidelines above.
Acknowledgment within 5 business days
We will confirm receipt of your report and let you know if we need more information.
Investigation and fix
We will investigate the issue and work on a fix. We will keep you updated on our progress.
Keep it confidential
Give us reasonable time to investigate and fix before disclosing publicly. We will tell you when it is safe to disclose.
Credit if you want it
If you would like public credit for a discovery, we are happy to acknowledge your name on this page after the fix is deployed.
Found something? Let us know.
Email founders@veldarium.com with a clear description, steps to reproduce, and the potential impact. We will respond within 5 business days.
