We take security very seriously at RATELIMITED. We welcome everyone to peek at our code and verify this for themselves, and to run their own clone of our service.
To give the community time to respond and upgrade, we strongly suggest you report all security issues privately. Please use the vulnerability disclosure program at HackerOne to provide details and steps to reproduce the issue, and we will respond ASAP. If you prefer not to use HackerOne, email us directly at security@ratelimited.me with details and steps to reproduce the issue. Security issues will always take precedence over bug fixes and features. Releases are marked as urgent if they contain security fixes.
Most security issues fall under one of the following categories: SQL injection, privilege escalation, XSS attacks, and other similar attacks.
Any site or service we don't control, such as Discord, Bitly or other third-party sites, is out of scope. Please report security issues with other sites to their creators directly.
Attacks related to RATELIMITED that are out of scope include: social engineering attacks; attacks through a genuine user, such as a RAT or trojan; and physical or DDoS attacks.
Unfortunately, due to the costs of running the service and our size, we don't pay a bug bounty, but we're open to suggestions about what we could offer, such as premium access to our service.