Security Policy

Last Updated: July 20, 2025

Security Vulnerability Disclosure Policy

At HACKSACK, we take security seriously. We appreciate the efforts of security researchers and the broader community in helping us maintain high security standards. This policy outlines how to report vulnerabilities and what to expect from us.

Reporting a Vulnerability

If you believe you've found a security vulnerability in any HACKSACK-owned repository, website, or service, please report it to us through our contact form. Please include the following information:

• Description of the vulnerability
• Steps to reproduce the issue
• Potential impact of the vulnerability
• Any suggestions for mitigation

What to Expect

When you submit a vulnerability report, you can expect:

• Acknowledgment of your report within 48 hours
• Validation and prioritization of your report
• Regular updates about our progress addressing the issue
• Credit for your discovery (if desired) once the issue is resolved

Scope

This policy applies to all HACKSACK-owned websites, applications, and services. The following are explicitly OUT of scope:

• Denial of service attacks
• Social engineering attacks
• Physical security attacks
• Third-party applications or services that we use but do not own

Safe Harbor

HACKSACK is committed to not pursuing legal action against security researchers who:

• Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services
• Only interact with accounts they own or with explicit permission of the account holder
• Do not exploit a security issue for purposes other than verification

Acknowledgments

We believe in recognizing the valuable contributions of security researchers. With your permission, we will acknowledge your contribution on our Security Acknowledgments page once the issue has been resolved.

Questions

If you have any questions about this policy, please contact us through our contact form.