What to include
- Exact URL, endpoint, or workflow affected.
- Reproduction steps with account role and browser context.
- Impact description with realistic abuse path.
- Evidence such as request IDs, screenshots, or payload samples.
Security Disclosure
Report vulnerabilities through a clear, auditable channel.
BuildLens accepts good-faith vulnerability reports covering account security, data access, billing, moderation, and deal-room workflows. We want a direct path for security researchers, buyers, and operators who need a serious response surface.
What happens next
- We acknowledge receipt and triage severity.
- We contain exposure first, then confirm root cause.
- We preserve an audit trail for fixes and follow-up actions.
- We may coordinate disclosure timing when a fix is in progress.
Good-faith expectations
- No destructive actions, extortion, or privacy-invasive testing.
- No access beyond what is needed to demonstrate impact.
- No credential stuffing, spam, or denial-of-service activity.
- Use the contact below if you are unsure whether a test is safe.