Last updated: January 2026
WebInsight is a sustainability‑focused web intelligence application developed by myHerb. We are committed to protecting user data, maintaining secure development practices, and ensuring that our platform operates responsibly and transparently.
We strongly encourage responsible disclosure.
Email: myherb.contact@gmail.com
Please include:
- Description of the issue
- Steps to reproduce
- Potential impact
- Relevant logs or proof‑of‑concepts
We acknowledge reports within 72 hours and provide a remediation timeline within 7 business days.
In scope:
- WebInsight frontend & backend
- API endpoints
- Cloudflare Workers & Pages
- myHerb‑managed infrastructure
Out of scope:
- Third‑party services
- Social engineering
- User‑generated content
Our security and sustainability practices:
- Code reviews
- Dependency scanning
- Static analysis
- Least‑privilege access
- HTTPS enforced
- No plaintext sensitive data
- Secure secret vaults
- Access log audits
- Cloudflare WAF
- DDoS protection
- Rate limiting
- Zero‑trust internal access
- Reduced compute waste
- Efficient caching
- Minimal logging
- Avoiding over‑provisioning
Allowed:
- Non‑destructive testing
- Testing with your own accounts
- Reviewing public endpoints
Not allowed:
- DoS attacks
- Automated scanning that degrades performance
- Accessing others’ data
- Attacking unrelated myHerb systems
Disclosure process:
- Private report
- Acknowledgment
- Investigation
- Fix deployed
- Optional researcher credit
- Public advisory (if needed)
We do not pursue legal action for good‑faith testing.