All systems operational
    System status →

    Responsible Disclosure

    Last Updated: March 2026

    Found a vulnerability? Please tell us first.

    We take the security of our platform seriously. If you have identified a potential vulnerability in WAVjunkie, we ask that you report it to us privately before taking any other action.

    How to Report

    Send your report to [email protected] with as much detail as possible.

    Useful information to include:

    • A clear description of the vulnerability
    • The URL or page where you identified it
    • Steps to reproduce the issue
    • The potential impact as you understand it
    • Your contact details if you would like us to follow up

    What to Expect From Us

    • We will acknowledge your report within 2 business days
    • We will investigate and keep you informed of our progress
    • We will let you know when the issue has been resolved

    We ask that you allow us reasonable time to investigate and resolve any reported issue before taking further action. We consider 30 days a reasonable standard.

    Important — Public Disclosure

    WAVjunkie reserves the right to take legal action against any individual or entity that publicly discloses a security vulnerability relating to our platform, regardless of whether that vulnerability has been previously reported to us. This applies to disclosure in any form, including but not limited to social media posts, blog articles, forum discussions, public repositories, and third-party publications.

    If you have identified a vulnerability, the correct and only appropriate course of action is to report it to us privately at [email protected]. We will investigate all reports received in good faith. Public disclosure of any kind — before, during, or after a report to WAVjunkie — is not authorised and may result in legal action.

    Out of Scope

    The following are not considered security vulnerabilities for the purposes of this policy:

    • Social engineering attacks targeting WAVjunkie staff
    • Physical security issues
    • Denial of service attacks
    • Issues in third-party services such as Stripe or Supabase — please report these directly to those providers
    • Spam or email deliverability issues unrelated to security
    • Missing security headers that do not directly lead to a vulnerability

    Bug Bounty

    WAVjunkie does not currently operate a bug bounty programme. We are not able to offer financial rewards for vulnerability reports at this stage.

    Contact

    [email protected]

    For DMCA and compliance matters: [email protected]

    For general platform security information, see our Security page. For our Privacy Policy, see Privacy.

    WAVjunkie — The ultimate destination for independent music.