Security Vulnerability Disclosure
Introduction
The security of our system and the privacy of your data are top priorities. We work hard to protect the information you entrust to us.
We are a small company and our users are not maintaining data that is highly secure and sensitive. But we still treat their information as highly confidential and worthy of protection.
If you've found a potential security vulnerability, we would be grateful for your help in identifying and fixing it. This page outlines how you can safely and responsibly report your findings. (last updated: 2025-10-21 02:44:23)
How to Report
Please send your report to: tony@digitalfire.com
To help me understand and fix the issue as quickly as possible, please include as much of the following information as you can:
A clear description of the vulnerability.
The steps to reproduce the issue. What did you do? What did you expect to happen? What actually happened?
The potential impact of the vulnerability. For example, could it allow someone to view another studio's data?
Screenshots, screen recordings, or any other supporting evidence if applicable. (last updated: 2025-10-21 02:46:00)
What Happens Next
We are committed to being transparent and keeping you informed throughout the process.
Acknowledgement: We will personally review your report and aim to send you an acknowledgement within 48 hours.
Assessment: We will investigate the issue to determine its severity and validity.
Resolution: We will prioritize fixing the vulnerability based on its severity.
Communication: We will keep you updated on our progress and let you know when a fix has been deployed.
(last updated: 2025-10-21 02:34:16)
What We Are Looking For
We welcome reports on any vulnerabilities that could compromise the confidentiality, integrity, or availability of user data within your account. This includes things like:
Being able to access or modify another account's information.
Noting unexpected data within your account.
Finding a way to bypass the login screen and access an account.
Discovering a way to inject malicious code that could affect other users (e.g., Cross-Site Scripting).
Any other weakness that could lead to a significant data breach.
(last updated: 2025-10-21 02:36:23)
What is Out of Scope
Please avoid reporting the following types of issues:
Vulnerabilities in third-party services we use (e.g., our payment processor or email provider).
Reports requiring physical access to a user's device or our servers.
Denial of Service (DoS) or other attacks that could disrupt service for all users. That being said, please do notify us if the server is unresponsive so we can block malicious IP addresses or user agents.
Social engineering attempts (e.g., phishing) targeting other users.
Issues that have a negligible security impact (e.g., missing security headers, typos in the text). That being said, we do appreciate hearing about cosmetic and accuracy issues on any page.
(last updated: 2025-10-21 02:39:21)
A Note on Safe Harbour
Our goal is to learn about and fix security issues, not to punish the people who report them.
If you follow the guidelines on this page and report a vulnerability in good faith, we are grateful for your actions, considering them to be authorized and helpful (we certainly will not pursue legal action against you). "Good faith" means you're not trying to harm the system or its users, but are instead helping us improve security for everyone.
Please do not:
Exfiltrate, modify, or delete data that is not your own.
Use the vulnerability to disrupt service for others.
Publicly disclose the vulnerability until I have had a reasonable time to address it.
(last updated: 2025-10-21 02:42:17)
Thank You
On behalf of all the potters and technicians who use this system, thank you for taking the time to help keep our community safe. Your efforts are deeply appreciated.
(last updated: 2025-10-21 02:47:24)
This document was last updated 2025-10-21 02:47 in section "Introduction".