SecPal

Security

This page gives the reporting path for security issues and summarizes the publicly verifiable security posture of secpal.app.

Last updated: March 21, 2026

Vulnerability reporting

If you discover a vulnerability, please report it confidentially to security@secpal.app. Public bug reports for security issues should be avoided so unnecessary risk is not created for others.

Current status

SecPal is not yet a live production platform. The public website stays deliberately lean and focuses on landing content, legal information, and contact routes. This page therefore focuses on vulnerability reporting and the current public state.

Current principles

  • Responsible disclosure: vulnerabilities should be reported confidentially and handled in a coordinated way.
  • Data minimization: the landing page avoids tracking and marketing services.
  • No inflated claims: this page does not promise production-grade controls for features that are not yet live.

Security FAQ

If your question is not covered here, reach out by email.

How should a vulnerability be reported?
Please do not open a public issue for security vulnerabilities. Send reports to security@secpal.app or use GitHub Security Advisories so coordinated disclosure remains possible.
What happens after a vulnerability is reported?
Incoming reports are reviewed confidentially, prioritized, and fixed where possible through a coordinated process. Where appropriate, a later public note may describe the correction.
Is SecPal already a production service?
No. SecPal is still under construction. This page describes the reporting path and the current public state, not the full assurance level of a live production platform.
Are tracking or advertising services already in use?
Not at the moment. The public website intentionally stays lean and avoids marketing trackers or ad networks.