Security policy
Last updated: 2026-05-12
Reporting a vulnerability
We welcome reports from security researchers. If you believe you have found a security issue in GradLaunch, please email security@gradlaunch.co.uk.
Please include: a description of the issue, steps to reproduce, the URL or endpoint affected, and any proof-of-concept payload. We will acknowledge your report within 3 business days.
Scope
gradlaunch.co.ukandwww.gradlaunch.co.uk- Our backend APIs under
/api/
Out of scope
- Denial-of-service or volumetric attacks
- Social engineering of staff or users
- Reports from automated scanners with no manual verification
- Issues in third-party services we depend on (please report to them directly)
Safe harbor
We will not pursue legal action against researchers who follow this policy in good faith, who avoid privacy violations, destruction of data, and interruption of service, and who give us reasonable time to respond before public disclosure.