🥔 QR Potato

Responsible Disclosure

Last updated: December 2025

We Appreciate You

Security researchers help make the internet safer. If you've found a vulnerability in QR Potato, we'd genuinely like to hear about it.

How to Report

Found something sketchy? Here's what to do:

• Email us: Use the contact page with "Security" in the subject
• Be descriptive: Include steps to reproduce, potential impact, and any proof-of-concept
• Give us time: We'll try to respond within 48 hours and fix issues promptly

What We're Looking For

• Authentication or authorization bypasses
• Cross-site scripting (XSS)
• SQL injection
• Server-side request forgery (SSRF)
• Remote code execution
• Sensitive data exposure
• Other vulnerabilities that could harm our users

What's Out of Scope

• Social engineering attacks
• Denial of service (DoS/DDoS)
• Physical attacks on infrastructure
• Spam or content abuse
• Missing security headers that don't lead to exploits
• Self-XSS or issues requiring unlikely user interaction

Our Promises

• We won't pursue legal action against good-faith researchers
• We'll work with you to understand and fix the issue
• We'll keep you updated on our progress
• We'll credit you (if you want) once the issue is resolved

Please Don't

• Access or modify other users' data
• Disrupt our service or degrade performance
• Share vulnerabilities publicly before we've fixed them
• Use automated scanners without permission

No Bug Bounty (Yet)

We're a small operation and don't currently offer monetary rewards. But we do offer our sincere gratitude, public credit if you want it, and the warm fuzzy feeling of making the internet a bit safer.

Questions?

Reach out via the contact page.

Contact | FAQ | Privacy Policy | Security | Terms & Conditions | Technology

"QR Code" is a registered trademark of DENSO WAVE INCORPORATED