Skip to content

Responsible Disclosure

Report a security issue safely.

If you believe you have found a vulnerability in a lil.business or lilMONSTER service, contact us without exploiting, disrupting, or accessing data that is not yours.

Contact

Email security@lil.business. Include the affected URL or host, a clear description, reproduction steps, and your preferred contact details.

Safe Harbor Expectations

Keep testing limited to your own account or non-destructive proof. Do not run denial-of-service tests, phishing, social engineering, credential stuffing, persistence, malware, destructive payloads, or data exfiltration.

Scope

Primary scope is *.lil.business and services explicitly listed in our security.txt. Third-party services are governed by their own disclosure policies.

Our Response

We aim to acknowledge valid reports within 3 business days, triage severity, and keep reporters updated when meaningful remediation progress occurs.