Report a security issue

What to include

• A clear description — what the issue is and where you found it (a specific page, endpoint, or extension behavior).
• Steps to reproduce — enough detail that we can verify it ourselves without guessing.
• Impact, if known — what a person could actually do with this — access other accounts, see data they shouldn't, etc.
• Your contact info — so we can follow up with questions or let you know once it's fixed.

Responsible disclosure

Please give us a reasonable amount of time to investigate and fix an issue before sharing it publicly. We won't pursue legal action against anyone who reports a vulnerability in good faith and doesn't access, modify, or expose other people's data beyond what's needed to demonstrate the issue. Scholopsis is a small, independently built product, so we don't currently run a paid bug bounty program — but every report is read and taken seriously, and we'll credit you (if you'd like) once a fix ships.