Security Policy
This policy sets expectations for responsible disclosure, platform monitoring, security controls, and service resilience.
Responsible disclosure
If a user discovers a vulnerability, the issue must be reported privately and responsibly to the company. Testing must be limited to what is minimally necessary to confirm the issue.
- Do not exploit vulnerabilities or access data that does not belong to you.
- Do not disclose vulnerabilities publicly without written authorization.
- Do not use vulnerabilities for leverage, extortion, competitive gain, or service disruption.
Monitoring and abuse prevention
The company may log access, review abuse indicators, monitor suspicious behavior, enforce rate limits, and use automated systems to detect scraping, fraud, or other platform abuse, to the extent permitted by law and for legitimate business and security purposes.
Availability and service expectations
The company uses reasonable measures to secure the platform, but does not guarantee uninterrupted availability or error-free operation. Security incidents, infrastructure failures, cyberattacks, utility issues, or other events beyond reasonable control may affect service continuity.
Force majeure
The company is not liable for delays or failures caused by events beyond reasonable control, including natural disasters, war, terrorism, public emergencies, infrastructure failures, supplier failures, labor disputes, cyberattacks, or government actions.