Security Policy

Last updated: May 19, 2026

Language Monk welcomes good-faith reports about security issues that may affect our public website, student inquiry flow, booking flow, or private enrollment pages.

Security contact: [email protected]

Please include the affected page, a clear description of the issue, safe reproduction steps, and any screenshots that help us understand the concern.

Responsible testing

Do not attempt to access, alter, delete, or download anyone else’s data.
Do not run denial-of-service testing, spam testing, automated scraping, credential stuffing, or high-volume scans.
Do not submit payment information, passwords, private account credentials, or highly sensitive personal information through the contact form.
Do not test third-party systems such as Calendly, Formspree, Stripe, PayPal, YouTube, Zoom, or Google Meet unless their own policies allow it.
Report the issue privately and give Language Monk reasonable time to review it before public disclosure.

Scope

This policy covers the public Language Monk website at language-monk.com, public inquiry/booking flow, and private enrollment pages controlled by Language Monk.

Out of scope

Spam reports, social-engineering attempts, or issues requiring physical access to a device.
Third-party platform bugs outside Language Monk’s control.
Automated scanner findings with no clear, reproducible risk.

Data protection basics

Language Monk uses HTTPS, security headers, form spam protection, limited public checkout access, and third-party providers for scheduling, forms, and payments. Students should never send passwords, full payment-card numbers, or private account credentials through the contact form.

Preferred languages

Reports are preferred in English or Spanish.