This document is for security vulnerabilities in the project's code or infrastructure, for example, validation bypasses, deploy-script bugs, or secrets exposure.
- Email: administrator@made-in.app
- Please do not file public issues for security vulnerabilities.
In scope: vulnerabilities in the validation logic, the deploy workflow, the DNS-sync script, or abuse vectors that allow bypassing the registration controls.
Out of scope: the contents of user-controlled subdomains, which are the responsibility of the subdomain owner.
Do not email administrator@made-in.app for abusive subdomain content. Open a report-abuse issue against this repository — see CONTRIBUTING.md for the workflow.