Security disclosure policy

Last updated: 2026-05-07

If you discover a security issue, thank you in advance for reporting it via the security report form.

Scope

• Production website and game routes on sparrowcanteen.com
• Cloudflare Worker/API behavior used by the site

Please include

• Affected URL(s)
• Clear step-by-step reproduction instructions
• Expected impact and any proof of concept details

Safe testing rules

• Please do not access, modify, or destroy data that is not your own
• Please do not run denial-of-service or resource exhaustion tests
• Please do not use social engineering, phishing, or physical attacks

Response expectations

• Reports are triaged in good faith
• You may be contacted for clarification if contact details are provided

Thank you!

• I do not offer a bug bounty, nor am I able to pay for any reports
• I will do my best to fix the issue as soon as possible
• Your assistance is greatly appreciated, the priority is to keep visitors safe and secure