Security reporting
Security Contact
Where to send security concerns, abuse reports, and trust questions about RequestFlow.
Last updated: June 9, 2026
What this page covers
If you believe you have found a security issue, suspected abuse, or a privacy concern involving RequestFlow, contact us with enough detail to investigate safely.
Contact
Security and trust questions can be sent to cal6542@gmail.com.
- Include the affected URL, account, request, or feature if known.
- Describe the issue, expected impact, and steps to reproduce if it is safe to do so.
- Do not include client documents, raw secrets, passwords, PINs, connection tokens, or full client links in email.
Responsible disclosure
Please avoid testing that could harm customers, clients, data, or service availability.
- Do not access, modify, delete, or exfiltrate data that is not yours.
- Do not run denial-of-service testing, destructive scanning, spam, phishing, or social engineering.
- If you accidentally access sensitive data, stop testing and report what happened without sharing the data further.
What to report
Useful reports are specific, reproducible, and focused on real risk.
- Cross-tenant access, authentication bypass, exposed secrets, broken link protection, unsafe file access, logging of raw secrets, malware scan bypass, or support access concerns.
- Suspicious requests, phishing, impersonation, malware uploads, or abuse of client document links.
- Privacy, deletion, or account access concerns that need a security-aware response.
Questions before launch?
Tell us what your firm needs to know before launch, and we will follow up with the right privacy, terms, or security details.