RESPONSIBLE DISCLOSURE

Found a security issue? Please tell us before telling anyone else. We take reports seriously and will respond within 48 hours.

REPORT A VULNERABILITY

Please include a description of the issue, steps to reproduce, and the potential impact. We'll confirm receipt, investigate, and keep you updated on our fix timeline.

SCOPE

In scope: partly.games, api.partly.games, and active game instances. Out of scope: social engineering, physical attacks, denial-of-service.

OUR COMMITMENT

We won't take legal action against researchers who act in good faith. We'll credit you in our changelog if you'd like.