Security

Last updated: May 20, 2026

Reporting a Vulnerability

If you believe you have found a security vulnerability in any Deanvelopment property (deanvelopment.com, the AEO browser extension, or aeo.deanvelopment.com), please email support@deanvelopment.com with a clear description, reproduction steps, and any relevant context. PGP encryption is not yet required but is welcomed.

Scope

In scope: deanvelopment.com and its subdomains, the AEO browser extension as distributed by us, and any first-party API endpoints we expose. Out of scope: third-party services we use (please report those directly to the vendor), social-engineering attacks, denial-of-service testing, and any testing that affects other users' data.

Responsible Disclosure

We ask that you give us a reasonable opportunity to investigate and remediate before publicly disclosing details of a vulnerability. We will acknowledge your report and keep you informed of progress. We do not currently run a paid bug-bounty programme but we are grateful for good-faith reports and will publicly thank reporters who wish to be credited.

Safe Harbor

If you make a good-faith effort to comply with this policy during your security research, we will consider your activity authorised, will not pursue legal action against you for the research, and will work with you to understand and resolve the issue. This safe harbor does not extend to activities that intentionally harm users or systems, or that violate applicable law.

Contact

Security contact: support@deanvelopment.com. General contact: hello@deanvelopment.com. A machine-readable security.txt is also published at /.well-known/security.txt.