Security disclosure policy
Breach Horizon is a passive public-surface scanner. We welcome reports about the website, APIs, and scanner output that help keep the service accurate and safe.
What to report
- Vulnerabilities in breachhorizon.com, its API endpoints, or report rendering.
- Scanner behavior that appears intrusive, unsafe, or materially inaccurate.
- Data exposure involving submitted domains, contact forms, or report requests.
What not to send
Do not send secrets, credentials, private keys, internal network data, or third-party personal data. Do not run intrusive testing, exploitation, denial-of-service testing, spam, social engineering, or authenticated checks.
Response window
Send reports to [email protected]. We aim to acknowledge credible reports within three business days and provide remediation updates as appropriate.
See what attackers see — before they do.
Run the free passive scan, get a prioritized fix plan, and close the gaps yourself or have us do it for you.