Security

Security Approach

We design automation with repeatability, least privilege, change traceability, and rollback planning in mind. Security expectations for each engagement should be documented in the applicable project agreement.

Data Handling

• Access to client environments should be scoped to the work being performed.
• Credentials and secrets should be exchanged through approved secure channels.
• Production access, logging, retention, and evidence handling should be agreed before work begins.

Responsible Disclosure

If you believe you have found a security issue involving Creepysoft Technologies systems or website assets, email contact@creepysofttech.com with a clear description and steps to reproduce. Please avoid accessing, modifying, or exposing data that does not belong to you.

Incident Contact

Security-sensitive messages can be sent to contact@creepysofttech.com or raised by phone at 703-473-9030.

Disclosure Expectations

Reports should include enough detail to reproduce and evaluate the issue. We prioritize good-faith reports and ask researchers to avoid privacy violations, service disruption, data destruction, or accessing data that is not their own.