Security Policy
Last updated: May 16, 2026
If you believe you have found a security vulnerability in Preserve Forever, please report it to us at security@preserveforever.photos. We ask that you give us reasonable time to investigate and address the issue before any public disclosure.
Please include: a description of the vulnerability and its potential impact; steps to reproduce the issue; any relevant screenshots, logs, or proof-of-concept code; your contact details if you would like us to respond.
We will acknowledge receipt of your report within 3 business days. We will keep you informed of our progress. We will not take legal action against researchers who act in good faith and follow this policy. We do not currently offer a bug bounty, but we will credit you in our release notes if you wish.
In scope: preserveforever.photos and its subdomains; our mobile applications; our API endpoints. Out of scope: third-party services we integrate with (Stripe, Supabase, AWS, Backblaze); social engineering or phishing attacks; denial-of-service attacks.
Email: security@preserveforever.photos. Our security.txt is available at /.well-known/security.txt.