Security

Last updated: March 15, 2026

The security of this site and the privacy of people wey dey use am dey important to us. We dey welcome responsible disclosure of security vulnerabilities from security researchers, developers, and members of the public.

This page explain our responsible disclosure policy — how to report vulnerability, wetin dey within scope, and how we go respond. Abeg follow these guidelines when you dey investigate and report potential security issues.

Report vulnerability

If you discover security vulnerability, abeg report am to us via email. No disclose the vulnerability publicly until we don get reasonable chance to investigate and fix am.

contact@freeonlinenosignup.com

Abeg put "Security Vulnerability Report" for subject line and share as much as you fit:

  • Clear description of the vulnerability and the impact wey e fit cause
  • The URL, endpoint, or component wey get issue
  • Step-by-step instructions to reproduce the issue
  • Any proof-of-concept code, screenshots, or request/response examples
  • Your name or handle if you wan make we credit you (optional)

Scope

These ones dey within scope for responsible disclosure:

  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Server-side injection vulnerabilities (SQL injection, command injection, etc.)
  • Authentication or authorisation bypass
  • Sensitive data exposure or information leakage
  • Security misconfigurations wey attacker fit exploit
  • Open redirects wey dem fit use for phishing attacks
  • Insecure direct object references
  • Remote code execution

Out of scope

These ones dey out of scope and we no go accept am as valid vulnerability reports:

  • Denial of service (DoS or DDoS) attacks or testing
  • Brute force attacks against any part of the site
  • Automated scanning without prior written permission
  • Social engineering or phishing attacks wey target our users or staff
  • Physical security issues
  • Vulnerabilities for third-party services, libraries, or infrastructure wey no dey under our control — abeg report them to the relevant vendor
  • Missing security headers wey no show clear, exploitable vulnerability for this specific context
  • Theoretical vulnerabilities without working proof of concept or demonstrated impact
  • Issues wey require say user don already compromise their own device or browser

Wetin you fit expect

When you submit vulnerability report, na this you fit expect from us:

1

Acknowledgement

We go acknowledge say we receive your report within 3 business days.

2

Investigation

We go investigate the report and check if the issue valid and how serious e be. We fit follow up with questions if we need more info.

3

Resolution

For confirmed vulnerabilities, we go work to fix am as fast as possible, based on severity. We go keep you updated.

4

Disclosure

When we don fix the issue, we fit coordinate public disclosure with you if you want. Abeg allow us reasonable remediation time before you publish details.

Our commitments

When you report vulnerability in good faith and follow this policy, we commit to:

  • No pursue legal action against you for your research
  • Treat your report confidentially and no share your personal details without your consent
  • Keep you updated about the status of the issue
  • Credit you for the discovery if you want and if the issue confirm
  • Work to address confirmed vulnerabilities on time

We ask in return make you no access, modify, or delete data wey no be your own; no disrupt the availability of the site; and no do testing on accounts or data wey belong to other users.

Contact

For general questions about this policy wey no be vulnerability report, use the contact page. For non-security bug reports, use the report issue page.