Security

Security Contact And Disclosure

WarpIntel is built as a third-party EVE Online advisory app with public tools first and private EVE data gated behind feature-specific consent. This page explains how to report a security concern without exposing private player, corporation, alliance, or account data.

Security contactsupport@warpintel.appThe machine-readable contact file is published at /.well-known/security.txt.

What To Send

The affected page, route, API endpoint, or feature name.
Clear reproduction steps, expected behavior, and actual behavior.
Impact in plain language, including whether another user or private EVE data may be affected.
Approximate time, browser/device context, and any visible error text.

Safe Testing Boundaries

Do not access, change, delete, export, or publish another user's data.
Do not submit secrets, private tokens, private EVE data, or production credentials unless we request them.
Do not run denial-of-service, spam, social engineering, phishing, or automated abuse tests.
Do not attempt to bypass EVE Online, CCP, Discord, Stripe, Google, Resend, Vercel, Neon, or other provider controls.

Current Launch Posture

Public tools, browser-local reports, public ESI data, and protected admin monitoring are live first. Private EVE SSO scopes, Discord automation, Stripe support, AdSense, Resend email, AI enhancements, and paid ideas stay behind feature flags, provider setup, user consent, and manual review until the matching lane is ready.

Security JSON Status Permissions Privacy Support