Security & Responsible Disclosure Policy

1. Overview

CryptoPrizeGuy takes the security of our users and systems seriously.

If you believe you have found a security vulnerability in our website, services, or infrastructure, please report it responsibly so we can investigate and fix it quickly.

2. How to report a vulnerability

Email [email protected] with as much detail as possible, including:

• The affected URL, feature, or system
• Steps to reproduce the issue
• Proof-of-concept code, screenshots, or screen recordings
• The potential impact

If you wish to encrypt your report, let us know and we can provide a PGP key.

3. Our commitment to you

If you act in good faith and follow this policy, we will:

• Acknowledge your report within a reasonable timeframe
• Investigate and validate the issue
• Work to fix confirmed vulnerabilities as quickly as practical
• Keep you informed of progress where appropriate
• Not pursue legal action for responsible disclosure

We appreciate the work of security researchers and will credit reporters where appropriate unless you request otherwise.

We do not operate a bug bounty or provide monetary rewards at this time.

4. Responsible disclosure guidelines

Please do not:

• Exploit a vulnerability beyond what is necessary to demonstrate it
• Access, modify, or delete other users' data
• Perform denial-of-service attacks or spam
• Publicly disclose the issue before we have had a reasonable opportunity to investigate and remediate it

5. Out of scope

The following are not considered vulnerabilities under this policy:

• Social engineering or phishing attacks against staff or users
• Physical attacks or attempts to access offices, devices, or employees
• Denial-of-service (DoS/DDoS) attacks
• Issues in third-party services we do not control unless you can demonstrate a direct, exploitable impact on CryptoPrizeGuy
• Reports without a clear security impact