Report security vulnerabilities in any Nova Heaven product or service. We take every report seriously and respond promptly.
Email security@novaheaven.io with the affected product and version, steps to reproduce, potential impact, and any proof-of-concept.
We acknowledge reports within 48 hours, provide an initial assessment within 7 days, keep you informed of progress, and credit you in release notes unless you prefer anonymity. We do not pursue legal action against good-faith researchers.
All Nova Heaven plugins, the novaheaven.io website and subdomains, and associated services. Out of scope: social engineering, denial of service, excessive automated scanning, and third-party software.
Good-faith researchers who follow this policy are authorized and will not face legal action. Do not access other users' data, degrade service availability, or exploit beyond demonstration.