Email [email protected] with:
- Description of the vulnerability + affected component
- Reproduction steps or proof-of-concept
- Your name + handle if you want public credit
We acknowledge within 48 hours, scope within 5 business days, and patch within 90 days for non-critical (faster for critical).
In scope: ClickReserv Inc production systems. Out of scope: third-party services (Stripe, AWS, SES), social-engineering, denial-of-service.
English.