Security Policy
Last updated:
WorkoutGen is built in France by two people: one developer and one sports coach.
We welcome good-faith, ethical, and responsible vulnerability reports.
We currently do not offer monetary rewards or a bug bounty program.
How to report a security issue
Please email us with enough detail to reproduce and verify the issue.
Email: security@workoutgen.app
RFC 9116 file: /.well-known/security.txt
Please include
- Clear reproduction steps
- Measurable impact
- Affected scope (URL, endpoint, user flow)
- Proof of concept or screenshots when possible
Scope
This policy applies to WorkoutGen services and official domains.
Safety expectations
- Do not exfiltrate data or access user data beyond what is strictly needed for proof
- Do not run denial-of-service or disruption tests
- Do not use social engineering, phishing, or physical attacks
- Stop testing and contact us if you access sensitive data by mistake
What you can expect from us
We will acknowledge valid reports and keep communication respectful and transparent.
If confirmed, we will prioritize fixes based on impact and available resources.