Responsible disclosure
Last updated: April 2026 · Applies to LaraTech sh.p.k. public web properties
How to report
Send details to the address below. Reports are accepted by email only (no OpenPGP requirement).
office@laratech.aiMachine-readable contact metadata:/.well-known/security.txt
Purpose
We take the security of our visitors and clients seriously. If you believe you have found a security vulnerability, please tell us so we can investigate and fix it.
What to include
- Description of the issue and potential impact
- Steps to reproduce (or proof-of-concept), if possible
- Affected URL(s) or component(s)
- Your contact address for follow-up questions
Scope
In scope for this policy (examples):
- The website and web application hosted under our primary domain (e.g. www.laratech.ai, laratech.ai)
- First-party forms and APIs we operate for that site
Typically out of scope:
- Third-party services, widgets, or embeds (e.g. analytics, booking, email marketing) — report to the relevant vendor
- Spam, social engineering, or physical security issues
- Denial-of-service against production without prior agreement
- Content issues or trademark disputes (use normal contact channels)
Rules of engagement
- Do not access, modify, or destroy data that does not belong to you.
- Do not disrupt our services while testing (rate-limit yourself; stop on request).
- Give us reasonable time to remediate before any public disclosure (we aim to acknowledge within a few business days).
Good faith & legal
We will not pursue legal action against you for research activities that comply with this policy, are not criminal under applicable law, and are conducted in good faith. This does not constitute a formal bug bounty or guarantee of compensation.