Security Policy
TestServes welcomes responsible security reports that help protect schools, students, staff, and platform administrators.
Reporting A Vulnerability
Please report suspected security issues through the contact page and include enough detail for our team to reproduce and assess the issue. Do not include sensitive student, staff, payment, or school data unless it is strictly necessary.
Responsible Disclosure
- Do not access, modify, delete, or exfiltrate data that does not belong to you.
- Do not disrupt live services, examinations, payments, or school operations.
- Give TestServes reasonable time to investigate and fix confirmed issues before public disclosure.
- Use only accounts, schools, or data you own or have explicit permission to test.
Out Of Scope
Automated noisy scans, social engineering, denial-of-service testing, physical attacks, and reports without practical security impact are out of scope.
Acknowledgments
Valid responsible reports may be acknowledged on our Hall of Fame, where appropriate and with the reporter's consent.