Skip to main content

Security Policy

Last updated: December 26, 2025

Note: The Site does not use user accounts (no login/password). However, the Site may process form submissions (phone/email/handles) and Challenge-related data, so we want to address security issues quickly.

Reporting a vulnerability

If you believe you found a vulnerability or security issue (e.g., XSS, unsafe redirects, sensitive data exposure, improper access to Challenge/tree data), please:

  1. Contact us via any available channel on the Site (contact form or the contact method listed in the footer/social links).
  2. Include details: URL, steps to reproduce, screenshots/videos, expected vs actual behavior.
  3. Avoid public disclosure until we have a reasonable chance to investigate and fix the issue.

Please do not

  • Perform DoS/DDoS attacks.
  • Attempt to access data that does not belong to you.
  • Use social engineering against people associated with the project.

Thank you for helping keep the Site secure.