Security
Security Policy
This Security Policy explains how to report security concerns related to MintBear Radio Player and how we handle good-faith vulnerability reports.
1. Scope
This policy applies to the public website, player interface, static assets, and application endpoints available on https://mintbear.com/. It does not cover third-party radio streams, external metadata providers, external artist databases, hosting providers, browsers, operating systems, or other services that are not operated by MintBear Radio Player.
MintBear Radio Player is a player and directory for online radio streams. We do not operate the third-party broadcasts included in the catalog and cannot directly fix security or availability issues inside those external services.
2. Reporting a Vulnerability
If you believe you have found a security issue, contact us at info@mintbear.com. Please include the affected URL, a clear description of the issue, reproduction steps, possible impact, and any relevant screenshots or logs.
Do not include sensitive personal data, credentials, private keys, or data that you are not authorized to access. If the report includes proof-of-concept material, keep it limited to what is needed to demonstrate the issue safely.
3. Good-Faith Research
We appreciate responsible research performed in a way that avoids harm to users, infrastructure, and third-party services. Please do not disrupt the website, attempt denial-of-service testing, bypass rate limits at scale, access non-public data, alter content, or continue testing after discovering a vulnerability.
Reports made in good faith and without harmful activity will be reviewed constructively. This policy is not a bug bounty program and does not promise compensation.
4. Response Process
We aim to review security reports within a reasonable time and may contact you for clarification. Confirmed issues are prioritized based on severity, exploitability, user impact, and operational risk.
Please give us reasonable time to investigate and address a confirmed vulnerability before sharing technical details publicly.
5. Document Changes
We may update this Security Policy when the website, infrastructure, contact process, or legal requirements change. The latest version is published on this page with the last updated date shown above.