map.ca

Security

We care about the security of map.ca and everyone who uses it. If you think you've found a vulnerability, we want to hear from you — responsible reports help us keep the community map safe.

Scope

This policy covers map.ca and its sister surfaces — map.foundation, realmap.ca, and mapu.ca — together with our public APIs. Please don't test third-party services we depend on, and never access, change, or delete data that isn't yours.

Safe harbour

We won't pursue legal action against researchers who act in good faith: avoid privacy violations and service disruption, only interact with accounts you own or have explicit permission to test, and give us a reasonable window to fix an issue before disclosing it publicly.

How to report

Send a clear description of the issue, the steps to reproduce it, and any proof-of-concept material to our security contact. We aim to acknowledge new reports within five business days, and you're welcome to write to us in English or French.

Security contact
security@map.ca
Machine-readable
security.txt