Security Policy - CraftedPool

CraftedPool is an independently developed platform. If you discover a security vulnerability, please report it responsibly so it can be addressed promptly.

Scope

In scope:

craftedpool.com and *.craftedpool.com
Accounts, billing, dashboards, and server pages

Out of scope:

Third-party services (Stripe, Cloudflare, hosting providers)
Social engineering, phishing, or DoS attacks

Reporting

Email security@craftedpool.com with a description of the issue, steps to reproduce, affected URLs, and any proof of concept. I'll aim to respond within 5 business days.

Rules

Only test on your own accounts
Don't access, modify, or delete other users' data
Don't disclose the issue publicly until it has been resolved
Keep testing non-destructive and within reasonable limits