Legal
Security & Vulnerability Disclosure
Last updated: June 29, 2026
We welcome good-faith reports from security researchers. This page explains how to reach us and what to expect. It is a coordinated-disclosure policy, not a contract or a bug-bounty program.
1. Reporting a vulnerability
Email security@freebatteryfactory.com with the subject line:Security Report - Free Battery Factory. Helpful reports include:
- The affected URL, endpoint, repository, or package
- A clear description of the issue and its potential impact
- Steps to reproduce, or a minimal proof of concept
Do not include secrets, credentials, regulated data, protected health information, financial account numbers, or third-party confidential information in your initial report.
2. Scope
This policy covers our public-facing systems, such as:
- The freebatteryfactory.com website and its public contact form
- Our public source repositories and published packages
- Other public-facing systems we operate
Third-party services we use (for example, hosting, email, or registry providers) are outside this scope — please report issues in those services to the relevant provider.
3. Good-faith research
We will not pursue or support legal action against researchers who, in good faith, follow this policy and act to avoid harm. In return, we ask that you:
- Avoid privacy violations, data destruction, and service degradation or interruption
- Do not run denial-of-service tests, send spam, or use social-engineering, phishing, or physical attacks
- Do not access, modify, or retain data that is not yours; use only test data where possible
- Give us a reasonable opportunity to investigate and remediate before public disclosure
4. No bug bounty
Free Battery Factory, LLC does not currently run a public bug bounty program and does not offer monetary rewards. We’re glad to credit researchers who report valid issues, if you’d like.
5. What to expect
We aim to acknowledge valid reports, investigate in good faith, and address confirmed issues as promptly as is reasonable for a small team. Timelines depend on severity and complexity.
6. security.txt
Our machine-readable contact details follow RFC 9116and are published at /.well-known/security.txt.