Security policy
If you find a security issue in Anlage V Easy, email security@anlage-v-easy.com. Include the affected URL, a short reproduction path, impact, and any safe proof of concept.
Anlage V Easy handles tax inputs, generated reports, checkout state, and authentication sessions. Reports that can expose another user's data, bypass the eligibility or payment flow, tamper with generated documents, or execute code server-side are treated as high priority. The safest useful report is specific, reproducible, and avoids touching accounts or data that do not belong to you.
Scope
- Anlage V Easy application, checkout, authentication, and API routes.
- Data exposure, authentication bypass, payment abuse, or server-side execution risks.
- No automated destructive testing, spam, denial of service, or access to other users' data.
Safe testing rules
- Use your own account, your own declaration, and non-sensitive sample data.
- Do not attempt bulk scraping, credential attacks, payment fraud, or denial-of-service tests.
- If you accidentally access data that is not yours, stop testing and report only the minimum detail needed to reproduce the issue.
Response
I review concrete reports as quickly as possible and prioritize exploitable risks that could affect user data, payments, or tax documents. This is not a bug bounty program, but responsible reports are welcome and credited when appropriate.
Low-risk UI bugs, SEO issues, or purely theoretical findings are handled after exploitable security problems. For legal, tax, billing, or product-support questions, use the normal contact address instead of the security mailbox.