Scope
We welcome reports of security vulnerabilities in any system, service, or asset owned and operated by SQUEMA, including but not limited to:
- squema.group and all subdomains
- APIs and web applications
- Infrastructure and network services
Rules
- Do not access, modify, or delete data belonging to other users
- Do not perform denial-of-service attacks
- Do not use social engineering against our employees
- Provide sufficient detail to reproduce the vulnerability
- Allow reasonable time for remediation before disclosure
Reporting
Send vulnerability reports to security@squema.group. Encrypt sensitive details with our PGP key.
Include: description, steps to reproduce, impact assessment, and any supporting evidence (screenshots, PoC code).
Our Commitment
- Acknowledge receipt within 24 hours
- Provide status updates as we investigate
- Credit reporters in our advisories (with consent)
- No legal action against good-faith researchers
PGP Fingerprint: 8BE6 A404 BCB1 FAD0 4BEB 552D 780E 7B4F 87C8 BEA7