GymTempo
EN

Security

Security Policy

How to report a security issue in GymTempo, what is in scope, and what to expect in response.

Last updated: May 16, 2026

GymTempo is a free hobby project built by one developer in Poland, with a simple goal: make a clean, minimal workout tracker for people who already lift.

If you find a vulnerability, please tell us. We cannot pay bug bounties — there is no company behind this, just one person trying to keep the lights on. But we take every report seriously and will do everything we can to fix it fast.

Responsible researchers will be publicly credited in our Hall of Fame below. No reward beats knowing you helped protect people who are just trying to track their training.

How to report a security issue

Email us directly. We respond within 48 hours — no ticketing system, no corporate black hole.

Please include

  • Clear reproduction steps.
  • Measurable impact.
  • Affected scope (URL, endpoint, user flow).
  • Proof of concept or screenshots when possible.

Scope

This policy covers gymtempo.app, app.gymtempo.app and all related services operated by GymTempo. If you are unsure whether something is in scope, ask first — we would rather have a false alarm than miss a real issue.

What we ask of you

  • Do not access or copy user data beyond what is strictly needed to prove the vulnerability exists.
  • Do not run denial-of-service tests — our infrastructure is lean and we pay for every request.
  • No social engineering, phishing or physical attacks.
  • If you accidentally access something sensitive, stop and tell us — we will keep it confidential and work with you, not against you.

What you can expect from us

We will acknowledge your report within 48 hours and be transparent about what we find and what we can realistically do. We will not take legal action against good-faith security research.

GymTempo is operated by a single person, so timelines depend on severity and complexity. Critical issues always get immediate attention.

Hall of Fame

These researchers chose to help instead of harm. We are grateful.

No reports yet. Be the first.