Vulnerability Disclosure Program
At Gamalogic, we prioritize security and appreciate your efforts in identifying vulnerabilities.
For guidance on reporting security vulnerabilities to Gamalogic, please refer to this policy, which should be read in the context of the Gamalogic Terms of Use.
If you have found a vulnerability in any of Gamalogic's products (e.g., dashboard, API, Chrome extension, etc.), we encourage you to submit your report to us as soon as possible and to refrain from making the vulnerability public until it has been fixed and verified by Gamalogic.
While we greatly appreciate vulnerability disclosures from the community, no compensation will be given.
Gamalogic will not file a lawsuit against you or report you to law enforcement, provided the vulnerability is reported responsibly and meets the following criteria:
1. Disclosure Guide
- Notify Gamalogic of the vulnerability and provide all available details.
- Include sufficient detail to fully identify and reproduce the issue, such as the product, version, URL, requests/responses, screenshots, etc.
- Allow Gamalogic a reasonable time period to fix or address the issue before publicly disclosing it.
- During your research, avoid causing service disruptions, accessing private user data, or destroying user data.
- Avoid submitting reports from automated exploit scanning tools unless you have confirmed the issue's presence manually.
- Do not contact Gamalogic employees or users for phishing or social engineering purposes.
2. Categories to Look for Vulnerabilities
We encourage you to look for vulnerabilities in the following areas:
- SQL Injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Authentication Bypass
- Insecure Direct Object References
- Remote Code Execution
- Sensitive Data Exposure
3. Vulnerability Categories that are Out of Scope
The following categories are considered out of scope and should not be explored during your vulnerability research:
- Denial of Service (DoS)
- SSL vulnerabilities (e.g., misconfiguration or version issues)
- Brute force attacks
- User enumeration
- Misconfigured flags on non-sensitive cookies
- Logout CSRF
- Issues present only in deprecated browsers or plugins
- Clickjacking on non-sensitive pages without authentication/state changes
- Vulnerabilities requiring users to perform highly unlikely actions (e.g., disabling browser security features)
4. How to Report Vulnerabilities
Please note that while we highly appreciate your efforts, no compensation may be expected as only critical vulnerabilities are eligible for consideration.
If you have identified a vulnerability, please contact us at info@gamalogic.com.