Security

Responsible Disclosure Policy • Last updated: February 27, 2026

We take the security of FactCheckTool.com and our users' data seriously. If you believe you've found a security vulnerability in our service, we encourage you to report it responsibly. We appreciate the work of security researchers and commit to working with you to resolve issues quickly.

1. Reporting a Vulnerability

To report a security vulnerability, please email us at: [email protected]

Use the subject line: [Security Vulnerability Report]

Please include in your report:

  • A clear description of the vulnerability and its potential impact
  • Step-by-step instructions to reproduce the issue
  • The affected URL, endpoint, or component
  • Any proof-of-concept code or screenshots (optional but helpful)
  • Your contact information so we can follow up

2. Our Commitment to You

When you report a vulnerability in good faith, we commit to:

  • Acknowledging your report within 48 hours
  • Providing regular updates on our progress
  • Working to resolve confirmed vulnerabilities as quickly as possible
  • Notifying you when the issue has been resolved
  • Not pursuing legal action against researchers who follow responsible disclosure guidelines
  • Crediting you in our acknowledgements (if you wish)

3. Responsible Disclosure Guidelines

We ask that security researchers:

  • Do not access, modify, copy, or delete data belonging to other users
  • Do not perform denial-of-service (DoS) or distributed DoS attacks
  • Do not use automated scanners against our infrastructure without prior permission
  • Do not attempt social engineering, phishing, or physical attacks against our team
  • Give us reasonable time to fix the issue before any public disclosure (we request 90 days)
  • Do not publicly disclose vulnerability details until we have released a fix
  • Only test to the minimum extent necessary to confirm the vulnerability

4. Scope

In Scope

The following are in scope for responsible disclosure:

  • The FactCheckTool.com web application
  • Our backend API endpoints
  • Authentication and account management systems
  • File upload and processing pipeline
  • Our payment flow

Out of Scope

The following are outside the scope of this policy:

  • Third-party services we use
  • Social engineering or phishing attacks
  • Physical security of our infrastructure
  • Denial of service or volumetric attacks
  • Email spoofing or spam without demonstrated impact

5. security.txt

We maintain a standard security.txt file at /.well-known/security.txt in accordance with RFC 9116, making it easy for researchers to find our security contact.

View security.txt: /.well-known/security.txt
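As an added illustration of what the RFC 9116 reference above implies (this is not the site's own code), the Python below parses a security.txt and checks the field rules the RFC sets: at least one Contact given as a URI, exactly one Expires date-time that has not passed, and Preferred-Languages no more than once. The sample file and the example.com address are constructed for the demo, not taken from FactCheckTool.com.

```python
from datetime import datetime, timezone

SAMPLE = """\
# Constructed example, not the site's actual security.txt
Contact: mailto:security@example.com
Expires: 2027-01-01T00:00:00Z
Preferred-Languages: en
"""

def parse_security_txt(text):
    """Return (lowercased name, value) pairs; blank lines and '#' comments are skipped."""
    fields = []
    for line in (ln.strip() for ln in text.splitlines()):
        if line and not line.startswith("#"):
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"malformed line: {line!r}")
            fields.append((name.strip().lower(), value.strip()))
    return fields

def _rfc3339(value):
    stamp = datetime.fromisoformat(value.replace("Z", "+00:00"))  # older Pythons reject a bare Z
    if stamp.tzinfo is None:
        raise ValueError("RFC 3339 date-time needs a timezone offset or Z")
    return stamp

def validate_security_txt(text, now_iso=None):
    """Apply the RFC 9116 field rules; returns a list of problems (empty means it passes)."""
    now = _rfc3339(now_iso) if now_iso else datetime.now(timezone.utc)
    problems = []
    fields = parse_security_txt(text)
    contacts = [v for n, v in fields if n == "contact"]
    if not contacts:
        problems.append("missing required Contact field")
    for c in contacts:  # Contact values must be URIs; the scheme check is a heuristic
        if not c.lower().startswith(("mailto:", "https:", "tel:")):
            problems.append(f"Contact is not a URI: {c}")
    expires = [v for n, v in fields if n == "expires"]
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
    else:
        try:
            exp = _rfc3339(expires[0])
            if exp <= now:
                problems.append("Expires is in the past; the file is stale")
        except ValueError:
            problems.append(f"Expires is not an RFC 3339 date-time: {expires[0]}")
    if sum(n == "preferred-languages" for n, _ in fields) > 1:
        problems.append("Preferred-Languages must appear at most once")
    return problems
```

Running the same check against a live /.well-known/security.txt after each edit catches the common failure, an Expires date that has quietly lapsed, before a researcher does.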

Found a Security Issue?

Email us immediately. We take every report seriously and respond promptly.

Security contact: [email protected]