1) Our Commitment
We care deeply about the security of our players and partners. If you discover a vulnerability in our websites, games, or infrastructure, please let us know so we can fix it quickly.
2) Scope
- Official domains and subdomains owned by Sencorp Games.
- Published game clients and backend services we operate.
- Beta/staging environments explicitly provided by us.
3) Out of Scope
- Denial of Service (DoS), brute force, or spam campaigns.
- Social engineering against employees or players.
- Vulnerabilities in third-party services outside our control.
- Low-risk issues such as missing security headers without demonstrable impact.
4) How to Report
Send an email to sencorpgames@gmail.com with:
- Clear description of the vulnerability and potential impact
- Steps to reproduce (PoC, screenshots, or short video)
- Affected asset (URL/app name/version/platform)
- Your contact details for follow-up
5) Do / Don’t
- Do: Act in good faith, minimize impact, and keep data confidential.
- Do: Stop testing immediately if you access personal or sensitive data by accident.
- Don’t: Exfiltrate, alter, or destroy data; maintain persistent access; or publicly disclose before remediation.
6) Safe Harbor
If you follow this policy and act in good faith, we won’t initiate legal action against you for your research. This safe harbor does not protect actions that are unlawful or that go beyond this policy’s bounds.
7) Triage & Timelines
- Acknowledge receipt within 72 hours.
- Initial triage within 5 business days.
- Remediation priority based on severity and impact.
8) Credit & Acknowledgements
With your permission, we may list your name/alias in our acknowledgements after the fix is released. No reward is guaranteed unless a separate program is announced.
9) Changes
We may update this policy as our products and infrastructure evolve. The latest version will always be published on this page.
10) Contact
Security reports & questions: sencorpgames@gmail.com
