Scope
Effective and last updated: June 17, 2026.
In-scope systems are public BRIK64 web surfaces, beta access request flows, login/signup surfaces, and shop pages operated from brik64.com. Third-party services, social accounts, physical attacks, employee devices, and systems not controlled by BRIK64 are out of scope.
Allowed research
Good-faith, low-volume testing is allowed when it does not degrade availability, access data that is not yours, bypass payment systems, or affect other users.
Not allowed
Do not perform denial-of-service testing, social engineering, spam, phishing, malware use, persistence, destructive testing, or public disclosure before coordinated review.
How to report
Use security@brik64.com for security reports or the published contact route on brik64.com for other requests. Include the affected URL, reproduction steps, expected impact, screenshots or minimal evidence if safe to share, and your preferred contact method. Do not include secrets, private data, exploit payloads beyond what is necessary, or third-party data. BRIK64 does not promise a bug bounty, public recognition, or disclosure approval unless a separate written program says otherwise.