Security & responsible disclosure
Last updated: July 14, 2026
We take the security of glp1.how and our users seriously. If you believe you have found a security vulnerability, we appreciate your help in disclosing it to us responsibly.
How to report
Please email security@glp1.how with a description of the issue, the steps to reproduce it, and its potential impact. We aim to acknowledge reports promptly and will keep you updated as we investigate.
Please do
- Give us a reasonable time to investigate and fix an issue before disclosing it publicly.
- Make a good-faith effort to avoid privacy violations, data destruction, and service disruption.
- Only interact with accounts you own or have explicit permission to test.
Please do not
- Access, modify, or delete data that is not yours.
- Run denial-of-service tests, spam, or social-engineering attacks against our users or staff.
- Publicly disclose an issue before we have had a chance to address it.
Safe harbor
If you make a good-faith effort to comply with this policy during your research, we will consider your testing to be authorized, and we will not pursue or support legal action against you for it. This is a starting policy and does not itself grant rights against third parties.
Scope
This policy covers glp1.how. Third-party services we rely on (for example our hosting and authentication providers) have their own disclosure programs; please report issues in their systems directly to them.
A machine-readable version of this policy is available at /.well-known/security.txt.