Report a security or privacy concern responsibly.

How to report

Email suspected security, privacy, or website integrity issues to info@biftuspark.org with a clear subject line and enough detail to reproduce or understand the issue.

What to include

Include the affected URL, a concise description, steps to reproduce, screenshots if helpful, and your contact information if you want a response.

Good-faith guidelines

Do not access, modify, download, or disclose data that does not belong to you. Do not disrupt services, attempt social engineering, or test third-party donation platforms outside their own disclosure rules.

Out of scope

Physical attacks, social engineering, denial-of-service testing, spam, automated scraping, third-party platform testing, and attempts to access donor or volunteer data are out of scope.

Good-faith handling

BiftuSpark asks researchers to act in good faith, avoid privacy harm, stop testing after identifying an issue, and give the organization reasonable time to investigate before public disclosure.

Response

BiftuSpark will make a good-faith effort to review credible reports, acknowledge receipt when possible, and take proportionate action.