Responsible Disclosure
Report a security issue safely.
If you believe you have found a vulnerability in a lil.business or lilMONSTER service, contact us without exploiting, disrupting, or accessing data that is not yours.
Contact
Email security@lil.business. Include the affected URL or host, a clear description, reproduction steps, and your preferred contact details.
Safe Harbor Expectations
Keep testing limited to your own account or non-destructive proof. Do not run denial-of-service tests, phishing, social engineering, credential stuffing, persistence, malware, destructive payloads, or data exfiltration.
Scope
Primary scope is *.lil.business and services explicitly listed in our security.txt. Third-party services are governed by their own disclosure policies.
Our Response
We aim to acknowledge valid reports within 3 business days, triage severity, and keep reporters updated when meaningful remediation progress occurs.