Security Policy

At The Cricket Standard, we take security seriously. We appreciate the work of security researchers who help us keep our platform and users safe.

Reporting a Vulnerability

If you believe you've found a security vulnerability in our website or services, please report it to us responsibly. We request that you:

• Email us at security@thecricketstandard.com
• Provide a detailed description of the vulnerability
• Include steps to reproduce the issue
• Allow us reasonable time to address the issue before any public disclosure
• Do not access or modify other users' data
• Do not perform actions that could harm the availability of our services

What We Promise

• We will acknowledge your report within 48 hours
• We will keep you informed of our progress
• We will not take legal action against researchers who follow responsible disclosure
• We will credit you in our acknowledgments page (if you wish)

Scope

The following are in scope for our security policy:

• thecricketstandard.com and all subdomains
• Our public APIs
• Authentication and authorization systems
• User data protection

Out of Scope

The following are out of scope:

• Social engineering attacks
• Physical attacks
• Denial of service attacks
• Spam or social media manipulation
• Third-party services we use

Security Measures

We implement industry-standard security measures including:

• HTTPS encryption for all communications
• Content Security Policy (CSP) headers
• HTTP Strict Transport Security (HSTS)
• Regular security audits and updates
• Secure coding practices
• Rate limiting and abuse prevention