Security reporting

Vulnerability Disclosure

Client-safe security issue reporting instructions for BellPathOS.

SOC 2 readinessLocal-first privacyClient-owned secretsCloudflare hardened

Responsible disclosure

Report a BellPathOS security issue

Send a clear report to darrell@bellpathbydsb.com with the affected URL, steps to reproduce, screenshots if safe, browser/device, and whether sensitive data may be affected.

Do not include real client API keys, Plaid secrets, bank credentials, SSNs, or full account numbers in an email report.

Safe testing boundaries

Do not access another client account or data. Do not run denial-of-service tests. Do not exfiltrate secrets or attempt persistence. Use demo/sample data whenever possible.