The CloudCredits.io team takes security seriously. If you discover a vulnerability, please email security@t3sh.com with the details. Include steps to reproduce, potential impact, and any suggested mitigations. We will acknowledge receipt within 3 business days and aim to provide an initial response within 7 business days.

Please do not open a public issue for security vulnerabilities. If you need to encrypt your report, request our PGP key in your initial message.

This policy covers the CloudCredits.io website, infrastructure, and all code in this repository. Third-party services we rely on should be reported directly to the service provider.

We follow a coordinated disclosure approach. Once a fix is available, we will credit you (if desired) and publish a summary of the issue and remediation steps.