Security: fmbot-discord/fmbot

SECURITY.md

Security Policy

Guidelines for Responsible Disclosure

  • Provide details of the vulnerability, including information on how it can be reproduced.
  • Avoid any malicious activities that could harm our systems or data.
  • Avoid activity that breaks the Terms of Service of third-party platforms we use.
  • Do not publicly disclose the vulnerability until we have had a chance to address it.
  • Respect the privacy and integrity of our users' data.

Out of Scope

  • Getting the app to post bad user content by breaking the ToS of third-party websites. For example, adding bad content to Last.fm and posting it through the bot.
  • NSFW or NSFL album covers. You can report those in our server with the embed in the #rules-info channel.

How to Report a Vulnerability

There are two ways to report a vulnerability:

It is appreciated if you can include the following:

  • A description of the vulnerability.
  • Reproduction steps or a proof-of-concept.
  • Any additional information that may be helpful.

We commit to:

  • Respond to your report within 24 hours.
  • Keep you informed about the progress of resolving the vulnerability.
  • Acknowledge your efforts if the report is valid.

There aren’t any published security advisories