TRUST
Security
Last updated: July 7, 2026
Responsible disclosure
If you believe you found a security vulnerability affecting smdownloader.com, please report it privately before public disclosure. Email security@smdownloader.com with enough detail for us to reproduce the issue.
What to include
- A clear description of the issue and its potential impact.
- Steps to reproduce, including URLs or request shapes if relevant.
- Your contact address for follow-up questions.
- Whether you are submitting under a coordinated disclosure timeline.
What we investigate
- Issues on smdownloader.com and its official API routes.
- Authentication, authorization, or data-handling flaws on our infrastructure.
- Cross-site scripting, injection, or open-redirect issues on our pages.
We do not offer bounties today. Valid reports are acknowledged and prioritized by severity.
Out of scope
- Vulnerabilities in third-party social platforms or their CDNs.
- Social engineering, spam, or copyright disputes — use Contact & Abuse.
- Denial-of-service tests against production without prior written approval.
- Reports that require a user to install untrusted software.
Transport and headers
The site is served over HTTPS. Standard security headers (including HSTS and frame protections) are configured at the edge. For data-handling practices, see Transparency and Privacy.