Security

Responsible disclosure

Found a security issue? We want to hear about it. We value researchers who work responsibly and we give them a clear path to report their findings.

Report via email: [email protected]

Scope

This policy applies to:

  • edukamentas.lt and all its subdomains
  • "Edukamentas" iOS and Android mobile apps

How to report

Send an email to [email protected] and include:

  • A short description of the finding and potential impact.
  • Steps to reproduce, URLs, request / response samples.
  • Screenshots, PoC video, or payload examples if relevant.
  • Your contact details if you want a response from us.

We respond within 5 business days. Critical issues are acknowledged within 24 hours.

Please do not

  • Publicly disclose the vulnerability until we agree on coordinated publication.
  • Use other users' accounts or personal data — test only with your own account.
  • Run DoS, brute force, spam, or social engineering attacks against our team.
  • Modify, delete, or exfiltrate data that does not belong to you.
  • Publish vulnerabilities on third-party platforms without our permission.

Out of scope

The following are generally not accepted as reports:

  • Theoretical reports without a demonstrated impact.
  • Automated scanner results without a confirmed exploit.
  • Missing security headers without a concrete exploitation path.
  • SPF / DKIM / DMARC configuration without real spoofing evidence.
  • Rate limiting gaps without a clear harm scenario.
  • Self-XSS, clickjacking without a sensitive action.

Our commitment

  • If you act in good faith under these guidelines, we will not pursue legal action.
  • We will acknowledge receipt and keep you updated on progress.
  • We will fix confirmed issues within a reasonable timeframe based on severity.
  • We will thank you publicly — on social media, LinkedIn, or a blog post, if you agree.
  • The Edukamentas team attends OWASP and other security conferences — the community matters to us, and we do our honest moral best.

Rewards

We are a young, growing company and we do not yet run a formal bug bounty. Even so, for meaningful findings we will do our best to thank you — case by case, based on impact and complexity. Typically this is a cash reward proportional to what we can afford. Critical issues are a priority.

Contact

For security matters: [email protected]

Last updated: 2026-04-05. MB "Uncascade" / Edukamentas, V. Nagevičiaus str. 3, LT-08237 Vilnius, Lithuania.
