Security
Security is at the core of everything we do. Learn about our security practices and how to report vulnerabilities responsibly.
Our Security Commitment
At CreatorScript AI, we take security seriously. We implement industry-leading security practices to protect your data and ensure the integrity of our platform. Our security program is built on the principles of defense in depth, continuous monitoring, and proactive threat management.
Data Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
Access Controls
Multi-factor authentication, role-based access controls, and principle of least privilege.
Monitoring
24/7 security monitoring, intrusion detection, and automated threat response.
Compliance
Responsible Disclosure Policy
We believe that working with security researchers is crucial to keeping our users safe. If you discover a security vulnerability in our systems, we encourage you to report it through our responsible disclosure program.
What We Ask
- Report vulnerabilities as soon as possible after discovery
- Provide detailed information to help us reproduce and fix the issue
- Do not access, modify, or delete user data without explicit permission
- Do not perform actions that could harm our users or degrade our services
- Do not publicly disclose the vulnerability until we've had time to address it
- Act in good faith and avoid violating privacy, destroying data, or interrupting services
What We Promise
- Respond to your report within 48 hours with our assessment
- Work with you to understand and resolve the issue quickly
- Keep you informed about our progress throughout the process
- Recognize your contribution publicly (if you wish) after the issue is resolved
- Not pursue legal action against you if you follow this policy
Scope
Our responsible disclosure program covers:
- CreatorScript AI web application (*.creatorscript.app)
- API endpoints and services
- Mobile applications (when available)
- Infrastructure and cloud services directly managed by us
Out of Scope
- Third-party services and integrations not directly controlled by us
- Social engineering attacks against our employees
- Physical attacks against our facilities
- Denial of service attacks
- Issues in third-party applications or services
- Vulnerabilities requiring physical access to user devices
How to Report a Vulnerability
Primary Contact
Email: security@creatorscript.app
For sensitive reports, please use our PGP key available at creatorscript.app/pgp-key.txt
Information to Include
To help us understand and reproduce the vulnerability, please include:
- A clear description of the vulnerability and its potential impact
- Steps to reproduce the issue (proof of concept)
- The affected URL(s), parameter(s), or component(s)
- Screenshots or videos demonstrating the vulnerability (if applicable)
- Your assessment of the severity and potential business impact
- Any suggested remediation steps
- Your contact information for follow-up questions
Response Timeline
Security Acknowledgments
We would like to thank the following security researchers who have helped make CreatorScript AI more secure through responsible disclosure:
No security researchers have been acknowledged yet. Be the first to help us improve our security!
Note: Researchers are listed here with their permission after vulnerabilities have been resolved. If you prefer to remain anonymous, please let us know in your report.
Additional Security Resources
Questions About Security?
For general security questions or non-vulnerability related inquiries, contact our team: