Security Policy

ToolsePulse takes security seriously. Every tool on this site runs entirely in your browser — your files never upload to our servers. That makes most server-side vulnerabilities impossible. Still, we welcome responsible disclosure of any security issues you discover.

How to report a vulnerability

Send a detailed report to security@toolsepulse.co. Please include:

• A clear description of the issue
• Steps to reproduce
• The potential impact
• Your name or handle if you'd like credit

What you can expect from us

• An acknowledgment within 72 hours of your report
• Honest communication about the issue and our timeline to fix it
• Public credit (if you want it) once the fix is deployed
• No legal action for good-faith research that follows this policy

Scope

This policy covers vulnerabilities in:

• The toolsepulse.co website and its subdomains
• The browser-based tools served from this site
• Any official API endpoints (currently very limited)

Out of scope:

• Issues in third-party browser extensions that integrate with our tools
• Social engineering attacks against ToolsePulse staff
• Physical attacks against any infrastructure
• Denial-of-service via traffic flooding

Responsible disclosure

Please give us a reasonable window — typically 90 days — to address an issue before any public disclosure. We will work in good faith to fix issues promptly. If a fix takes longer than 90 days for legitimate reasons, we'll communicate timelines openly.

Privacy by design

ToolsePulse is built privacy-first. We don't upload your files. We don't track individual users for advertising purposes. We use standard analytics for aggregate traffic understanding only. For details, see our Privacy Policy.