Report security issues responsibly.

Email security reports to security@mesquared.ai. Include a clear description, affected URL or route, steps to reproduce, impact, screenshots or logs when useful, and your contact information for follow-up.

• Use only your own account, test data, or data you are authorized to access.
• Stop testing and report immediately if you encounter customer data, secrets, credentials, or private content.
• Do not publicly disclose the issue until we have had a reasonable time to investigate and remediate it.
• Do not degrade service, access another customer workspace, exfiltrate data, or persist access.

• Spam, social engineering, phishing, physical attacks, denial of service, or attacks against employees or vendors.
• Automated scanner output without practical exploitability or impact.
• Issues requiring compromised credentials, outdated browsers, or unsupported user behavior.
• Reports about third-party services unless the issue directly affects MeSquared Marketing.

We will review reports, prioritize based on severity and customer impact, and follow up when we need more detail. If you follow this policy in good faith, we do not intend to pursue legal action against you for the research described in your report.