Workoutmanager Plus values the security of its platform and users. If you discover a vulnerability, we encourage you to report it responsibly.
1. Scope
This policy applies to:
Testing must be limited to systems you own or accounts you control.
2. How to report
Please report vulnerabilities by email to:
Security contact: security@workoutmanagerplus.com
Please include:
- A clear description of the issue
- Steps to reproduce
- Impact assessment
- Screenshots or proof-of-concept if applicable
Please do not publicly disclose the issue before it has been resolved.
3. Safe Harbor
If you act in good faith and follow this policy:
- We will not initiate legal action against you.
- We will not pursue claims under anti-hacking laws.
- We will treat your report confidentially.
You must:
- Avoid privacy violations.
- Avoid accessing data belonging to other users.
- Avoid service disruption (DoS, brute force, etc.).
- Stop testing immediately after confirming the vulnerability.
4. Response timeline
- We will acknowledge receipt within 5 business days.
- We aim to resolve confirmed vulnerabilities within 60 days.
- If more time is required, we will communicate transparently.
5. Recognition
Workoutmanager Plus does not offer monetary rewards. Researchers who report valid vulnerabilities may receive public acknowledgment (optional and with consent).
6. Last updated
This responsible disclosure policy was last updated on 2026-02-24.