Trust & Security

Security

This page gives the reporting path for security issues and summarizes the currently verifiable public security posture of secpal.app.

Last updated: March 21, 2026

Vulnerability reporting

If you discover a vulnerability, please report it confidentially to security@secpal.app. Public bug reports for security issues should be avoided so unnecessary risk is not created for others.

Current status

SecPal is not yet a live production platform. The public website is a deliberately lean website focused on landing content, legal information, and contact routes. This page therefore focuses on vulnerability reporting and the current public state.

Current principles

Responsible disclosure: vulnerabilities should be reported confidentially and handled in a coordinated way.
Data minimization: the landing page currently avoids unnecessary tracking and marketing services.
No inflated claims: this page does not promise production-grade controls for features that are not yet live.

Security FAQ

If your question is not covered here, reach out by email .

How should a vulnerability be reported?: Please do not open a public issue for security vulnerabilities. Send reports to security@secpal.app or use GitHub Security Advisories so coordinated disclosure remains possible.
What happens after a vulnerability is reported?: Incoming reports are reviewed confidentially, prioritized, and fixed where possible through a coordinated process. Where appropriate, a later public note may describe the correction.
Is SecPal already a production service?: No. SecPal is still under construction. This page describes the reporting path and the current public state, not the full assurance level of a live production platform.
Are tracking or advertising services already in use?: Not at the moment. The public website intentionally stays lean and currently avoids marketing trackers or ad networks.