Bug reports
For non-security issues that affect your experience on the site.
- Broken pages, buttons, or forms
- Display or layout problems
- Incorrect vocabulary, levels, or article content
- Account, login, or notification issues
Report a Bug or Security Issue
Help us keep Text in Levels safe and reliable. Whether you found a broken feature, incorrect content, or a potential security vulnerability — we appreciate clear, responsible reports from our community.
Security vulnerabilities
For issues that could expose data, accounts, or system integrity.
- Authentication or authorization flaws
- Cross-site scripting (XSS) or injection risks
- Data exposure or privacy leaks
- Server or API misconfigurations
What to Include in Your Report
The more detail you provide, the faster we can investigate and fix the issue.
- Clear summary A short title describing the bug or vulnerability in one sentence.
- Steps to reproduce Numbered steps so we can see the same behavior on our side.
- Expected vs. actual result What should happen, and what actually happened instead.
- URL and environment The page URL, browser, device, and whether you were logged in.
- Screenshots or recordings Visual proof helps us confirm UI bugs quickly.
- Impact (for security reports) Who could be affected, what data might be exposed, and how severe you believe it is.
Scope
We welcome reports for the Text in Levels website and its directly related services.
In scope
textinlevels.com, textinlevels.ir, authenticated user areas, public APIs we operate, and official site features (reading, vocabulary, accounts, push notifications).
Preferred channel
Email us at rezaalie70@gmail.com with subject line Security Vulnerability Report or Bug Report.
Third-party services
Issues in Google Sign-In, hosting providers, or ad networks should be reported to those providers unless they directly affect our implementation.
Responsible Disclosure Policy
If you believe you have found a security vulnerability, please report it to us privately before sharing it publicly. We ask researchers and users to:
- Report in good faith Give us reasonable time to investigate and remediate before public disclosure.
- Avoid harm Do not access, modify, or delete data that is not yours. Do not perform denial-of-service attacks.
- Keep it confidential Do not share exploit details publicly until we have addressed the issue or agreed on a timeline.
- One issue per report Separate unrelated findings so we can track and prioritize them accurately.
Important
Do not test vulnerabilities against other users' accounts or real learner data. Use your own test account whenever possible.
How We Respond
We review every report. Timelines may vary by severity, but we aim to follow this process:
1–3 days
Acknowledgment
We confirm receipt of your report and ask for clarification if needed.
1–2 weeks
Investigation
We reproduce the issue, assess impact, and prioritize a fix for confirmed vulnerabilities.
After fix
Resolution update
We notify you when the issue is resolved or if we need more time for complex cases.
Safe Harbor
We support good-faith security research on our in-scope systems. If you follow this policy — including avoiding privacy violations, data destruction, and service disruption — we will not pursue legal action against you for your research activities.
We may be unable to provide monetary rewards at this time, but we sincerely appreciate responsible reports and will credit researchers by name if they wish, once the issue is resolved.
Out of Scope
The following reports are unlikely to qualify as security vulnerabilities:
Social engineering
Phishing, impersonation, or attacks targeting users outside our platform.
Missing best practices
Reports without demonstrable impact, such as generic security headers without exploitation.
Spam or abuse
User-generated spam in comments — please use moderation tools or contact support.
Content errors
AI-generated factual mistakes in articles — use the Report error button or our Integrity page.
Ready to send a report?
Email us with as much detail as possible. We read every message and take security seriously.