# Penetration Testing Policy

We welcome responsible security research and value the efforts of the security community to improve the safety and reliability of the **Load It Up** API and platform. However, to ensure the stability and integrity of our services, the following activities are **strictly prohibited** during any form of testing:

## ❌ Prohibited Activities

- **Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks**  
  Any testing intended to disrupt, degrade, or exhaust system resources is not allowed under any circumstance.

- **Brute-force attacks on endpoints or URLs**  
  This includes attempting to enumerate or guess item keys, tokens, or identifiers via automated or systematic requests.

- **Excessive or abusive traffic generation**  
  Including, but not limited to, high-frequency scanning, mass account creation, or resource-intensive queries that violate our documented rate limits.

## ✅ What You *Can* Do

We encourage testing within clearly defined, non-destructive limits. If you discover a security vulnerability, please report it to us directly via our security contact channel.

## Final Notes

Failure to comply with this policy may result in immediate suspension of access, including API key revocation and possible legal action if harm is caused to users, data, or infrastructure.

For more information or to coordinate responsible disclosure, please contact us at: **[security@loaditup.app]**