Disclosures Policy

Effective date: January 12, 2026. Security, transparency, and reporting.

Reglook believes in transparency. This policy outlines our approach to security vulnerability disclosure, law enforcement requests, and affiliate relationships.

1. Vulnerability Disclosure

We take the security of our systems and our users' data very seriously. If you have discovered a security vulnerability in any Reglook service, we encourage you to disclose it to us in a responsible manner.

We offer a Bug Bounty program for meaningful vulnerabilities that pose a significant risk to our platform or users.

2. Scope of Program

In Scope:
- reglook.com and all subdomains (except those hosted by users).
- Reglook API endpoints.
- Official Reglook mobile applications.

Out of Scope:
- User-hosted content (e.g., a website built by a customer).
- Social engineering or phishing attempts against our employees.
- Denial of Service (DoS) attacks.

3. Reporting Guidelines

When reporting a potential vulnerability, please include:

  • A detailed description of the vulnerability.
  • Steps to reproduce the issue.
  • Proof of concept (screenshots, video, or code).
  • The impact of the vulnerability.

Send reports to security@reglook.com. We aim to acknowledge receipt within 48 hours.

4. Safe Harbor

If you conduct your security research in accordance with this policy and applicable law, we will not pursue legal action against you. We consider this security research to be authorized activity.

5. Law Enforcement Disclosure

Reglook respects the privacy of our users but complies with valid legal processes. We will only disclose user information to law enforcement agencies in response to a valid court order, subpoena, search warrant, or other ensuring legal process.

We review all requests for legal sufficiency. If permitted by law, we will attempt to notify the user before disclosing their information, unless we believe that doing so would result in a risk of harm or is prohibited by a non-disclosure order.

6. Transparency Report

We publish an annual Transparency Report detailing the number of government requests for user data we receive and our response to them.

2025 Summary (Jan - Dec)

Government Requests14
Accounts Affected22
Disclosed3
Rejected11

7. Affiliate Disclosure

Some of the links on our blog or website may be affiliate links. This means if you click on the link and purchase an item, we may receive an affiliate commission at no extra cost to you. We only recommend products or services we believe will add value to our readers.

8. Contact Us

For security issues: security@reglook.com
For legal inquiries: legal@reglook.com

Last updated: January 12, 2026