Security contact — RentersActReady

Last updated: 22 April 2026.

RentersActReady is operated by Crocker Digital Ltd. We welcome reports of security issues from researchers, customers, and the public.

How to report

Email security@rentersactready.co.uk with:

  • A description of the vulnerability or issue.
  • A proof-of-concept that demonstrates the impact (without exfiltrating real user data beyond what's strictly necessary).
  • The environment you observed the issue in (production at https://rentersactready.co.uk, staging at https://staging--val-rentersactready.netlify.app, or a local checkout of the public source).
  • Your preferred contact method for follow-up.

We will acknowledge your report within 2 working days and commit to:

  • A first-pass triage response within 5 working days.
  • Keeping you informed of progress at reasonable intervals during remediation.
  • Crediting you in the remediation notes (if you wish) once the fix is published.

Scope

In-scope targets:

  • Production: https://rentersactready.co.uk and https://www.rentersactready.co.uk
  • Staging: https://staging--val-rentersactready.netlify.app
  • API routes under /api/*
  • Email links at *@rentersactready.co.uk or *@mail.rentersactready.co.uk

Out-of-scope (please do NOT test):

  • Supabase, Stripe, Netlify, Resend, or Sentry infrastructure as such — report directly to those vendors.
  • Social-engineering attacks against our staff or customers.
  • Denial-of-service at a rate that affects other users.
  • Physical security.

Safe-harbour

If you follow this policy, we will:

  • Not pursue civil or criminal action against you for good-faith testing that complies with the scope and limits above.
  • Work with you on coordinated disclosure — we aim to remediate within 90 days of a valid report and will agree a public disclosure timeline with you before that point.

PGP

We do not currently offer a PGP public key. If you need end-to-end encryption for a particularly sensitive report, mention this in your first email and we will arrange a secure channel (Signal, ProtonMail-to-ProtonMail, or an equivalent).

Bug-bounty programme

We do not operate a paid bug-bounty programme at this time. We're happy to publicly acknowledge researchers who submit valid reports under this policy.


Crocker Digital Ltd, Company No. 17008789. Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. ICO registration ZC128626.