Responsible disclosure
If you believe you have found a vulnerability or suspicious activity affecting Metricgram, please report it promptly so it can be reviewed and handled responsibly.
Direct reporting
Security concerns can be sent to Metricgram with enough detail to reproduce or verify the issue.
No public exposure
Please avoid publishing details, accessing other users' data, or disrupting service while a report is being reviewed.
Urgent handling
Reports involving account access, payments, Telegram groups, or personal data are treated as urgent operational issues.
What to report
Report suspected vulnerabilities in authentication, authorization, Telegram integrations, Stripe flows, webhooks, data exposure, impersonation controls, account security, or abuse-prevention logic.
You can also report suspicious account activity, unexpected access, phishing attempts, or exposed secrets connected to Metricgram.
What to include
- Summary Describe the affected area, risk, and expected impact.
- Steps Include clear reproduction steps, affected URLs, screenshots, logs, or request IDs when available.
- Scope State whether the issue affects your own account, a test workspace, a Telegram group, payments, or another user.
Research boundaries
Do not access, modify, delete, export, or share data that does not belong to you. Do not degrade service, run destructive tests, bypass payment flows, or interact with Telegram groups without permission.
If you encounter data you should not see, stop testing and report the minimum details needed for investigation.
Where to send reports
Email security-sensitive reports to info@metricgram.com. Include a clear subject line such as Security report or Vulnerability report.
Questions or data requests
Contact Metricgram at info@metricgram.com