What to include
- A concise description and affected feature
- Reproduction steps that do not access other users' data
- Device, app version and approximate timestamp
- Your preferred contact details
Please report suspected vulnerabilities privately so Locily can investigate before details are shared publicly.
Email info@locily.dk with the subject “Private security report”. Never include passwords, private keys or unnecessary personal data.
Do not disrupt the service, use social engineering, exfiltrate data, test against other people's accounts or publicly disclose an unresolved issue.
Locily will acknowledge credible reports and coordinate remediation and disclosure based on severity and available evidence.