Disclosure

Report issues to security@original.org.uk. In scope: auth bypass, access control, data exposure, XSS/CSRF, injection, misconfig. Out of scope: DoS/volume tests, social engineering, third-party platforms. Test responsibly; don’t impact availability. Safe harbour for good-faith reports.