TRUST

Security

Last updated: July 7, 2026

Responsible disclosure

If you believe you found a security vulnerability affecting smdownloader.com, please report it privately before public disclosure. Email security@smdownloader.com with enough detail for us to reproduce the issue.

What to include

  • A clear description of the issue and its potential impact.
  • Steps to reproduce, including URLs or request shapes if relevant.
  • Your contact address for follow-up questions.
  • Whether you are submitting under a coordinated disclosure timeline.

What we investigate

  • Issues on smdownloader.com and its official API routes.
  • Authentication, authorization, or data-handling flaws on our infrastructure.
  • Cross-site scripting, injection, or open-redirect issues on our pages.

We do not offer bounties today. Valid reports are acknowledged and prioritized by severity.

Out of scope

  • Vulnerabilities in third-party social platforms or their CDNs.
  • Social engineering, spam, or copyright disputes — use Contact & Abuse.
  • Denial-of-service tests against production without prior written approval.
  • Reports that require a user to install untrusted software.

Transport and headers

The site is served over HTTPS. Standard security headers (including HSTS and frame protections) are configured at the edge. For data-handling practices, see Transparency and Privacy.