Security Policy

Last updated: 2026-06-18

Reporting a vulnerability

If you believe you've found a security issue in any EloLin product (accounts.elolin.com, kinmate.elolin.com,testhive.elolin.com, evoclaw.elolin.com, or any other *.elolin.com property), please email security@elolin.com with:

• A clear description of the issue and its impact
• Steps to reproduce (if possible)
• Your name and any optional preferred attribution

Our commitments

• We acknowledge reports within 48 hours.
• We don't pursue legal action for good-faith research that respects user data and avoids destructive testing.
• We coordinate disclosure timing with reporters.

Out of scope

• Denial-of-service attacks against EloLin or Cloudflare
• Social engineering of EloLin staff
• Issues that require physical access to a user's device
• Reports from automated scanners with no evidence of impact

Abuse reports

Non-vulnerability abuse (spam, harassment, copyright infringement) should also go to security@elolin.com. Include URLs, account identifiers (if known), and any relevant evidence.

Standards

Our security.txt follows RFC 9116.

Other contact channels: all legal pages · hello@elolin.com