Security Policy
Last updated: 13 July 2026
We welcome responsible reports about vulnerabilities affecting the Super Sean 007 website, Cloudflare Functions, cloud saves, Party Link signalling or game delivery infrastructure.
How to report
Use the repository’s private GitHub Security Advisory form. Do not post exploit details, cloud sync IDs, player saves or admin credentials in a public issue.
Include
- The affected URL or component.
- Clear reproduction steps.
- Expected and actual impact.
- A minimal proof of concept that does not expose another player’s data.
- Your preferred contact details and attribution choice.
Good-faith research
Please avoid privacy violations, destructive testing, denial of service, automated high-volume scanning, accessing data that is not yours, social engineering and disruption of normal play. Stop testing and report immediately if you encounter player data or credentials.
Our response
We will acknowledge actionable reports when contact details are available, investigate the issue, and coordinate a fix and disclosure timeline according to severity. We cannot offer a guaranteed bounty.
Scope notes
Third-party advertising content is operated by its respective network. Reports about ads should still be sent to us when the issue is caused by our integration or exposes Super Sean 007 data.