Security & Responsible Disclosure

Vulnerability Disclosure Policy

We take security seriously. If you discover a vulnerability, we want to know so we can fix it.

Our Commitment

Ad-API is committed to ensuring the security and privacy of our users. We welcome responsible security research and appreciate the efforts of security researchers who help us maintain a secure platform.

Scope

This policy applies to security vulnerabilities in:

  • The Ad-API platform (adapi.dev and all subdomains)
  • The Ad-API REST API (api.adapi.dev)
  • Developer, Agency, and Admin portals
  • Infrastructure and services directly controlled by Ad-API

How to Report

If you believe you've found a security vulnerability, please email us at:

[email protected]

Please include the following in your report:

  • Description of the vulnerability and its potential impact
  • Steps to reproduce the issue (as detailed as possible)
  • Proof of concept (if applicable)
  • Your contact information for follow-up

Response Timeline

We are committed to responding promptly to security reports:

48 hours

Initial acknowledgment of your report

7 days

Status update and preliminary assessment

30 days

Target resolution for critical vulnerabilities

Safe Harbor

We will not pursue legal action against security researchers who:

  • Follow this vulnerability disclosure policy
  • Make a good faith effort to avoid privacy violations and service disruption
  • Do not access, modify, or delete data belonging to others
  • Give us reasonable time to address the issue before public disclosure

Out of Scope

The following are explicitly out of scope and should not be reported:

  • ×Social engineering attacks (phishing, vishing, etc.)
  • ×Denial of Service (DoS/DDoS) attacks
  • ×Physical security testing
  • ×Third-party services and applications
  • ×Issues in outdated browsers or platforms
  • ×Reports from automated tools without validation

Recognition

We believe in giving credit where credit is due. With your permission, we will publicly acknowledge responsible security researchers in our changelog and security advisories. If you prefer to remain anonymous, we will respect that choice.

Questions about this policy?

[email protected]