Educational content only. Not legal, financial, tax, or medical advice. Plan Your Passing is not a law firm and no attorney-client relationship is created here. Estate, probate, tax, and inheritance laws differ by country, state, and county. You are responsible for confirming what applies to you. Always consult a licensed attorney in your jurisdiction before acting on anything you read or generate on this site.
Security
Vulnerability disclosure policy
We welcome good-faith security research. If you find a vulnerability, here's how to report it.
How to report
Email roger@planyourpassing.org with reproduction steps, expected vs. observed behavior, and any proof-of-concept artifacts.
Our commitments
- Acknowledge receipt within 48 hours
- Provide a remediation timeline within 7 days
- Credit you publicly on this page (with your permission)
- Never pursue legal action against good-faith researchers operating within this policy
- Notify users if a vulnerability has been exploited
Scope
In scope
- planyourpassing.org and all subdomains
- API endpoints at /api/*
- AI tools at /tools/*
Out of scope (report to vendor directly)
- Stripe-hosted checkout pages → security@stripe.com
- Vercel platform issues → security@vercel.com
- Resend email delivery → security@resend.com
- Gemini / Google Cloud → bughunters.google.com
Not eligible
- Denial of service (DoS / DDoS)
- Spam / social engineering
- Issues requiring full physical access to a user's device
- Missing security headers without a demonstrated impact
- Email spoofing without an associated phishing campaign
Hall of fame
No reports received yet. Be the first.
Machine-readable version: /.well-known/security.txt