Inventor Logo

inventor.gg

Security Policy

Inventor is committed to the security of our services. We greatly appreciate responsible disclosure of security vulnerabilities.

If you believe you have found a security issue with the Inventor platform, we urge you to notify us as soon as possible. We investigate all reports and will do our best to fix the issue as soon as possible.

Researcher Rules

If you are a security researcher, we ask that you follow our rules while researching vulnerabilities to help protect our users and services:

  • Only test against accounts you control
  • Do not disrupt service for other users
  • Do not access, modify, or delete data that does not belong to you (if you are demonstrating a vulnerability, use multiple accounts you control)
  • Provide a reasonable amount of time for us to fix the vulnerability before publicly disclosing it
  • Provide a detailed report of the vulnerability, including steps to reproduce it
  • Do not publicly disclose a vulnerability until we have had a chance to fix it

Non-Qualifying Vulnerabilities

We are not interested in reports of the following types of vulnerabilities:

  • Denial of service attacks
  • Self-XSS
  • Clickjacking on pages with no sensitive actions
  • Social engineering of inventor.gg staff or users
  • Email spoofing or SPF/DKIM/DMARC-related issues
  • Vulnerabilities affecting users of outdated or unpatched browsers or platforms
  • Brute force attacks
  • Vulnerabilities requiring physical access to a user’s device

Safe Harbor

Security research activities conducted in compliance with the rules listed above will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in good faith and in compliance with this policy.

If automated or manual ToS action (account ban or suspension) is initiated against your account as a result of your research activities, please contact us and we will work with you to resolve the issue. We employ relatively aggressive automated filtering systems to prevent platform-wide abuse, which may inadvertently catch legitimate security research activity.

Rewards

We generally do not offer monetary rewards for reporting security vulnerabilities, although we may offer free access to paid products or other rewards at our sole discretion.

Contact

For security disclosures, please email security@inventor.gg with:

  • A detailed description of the vulnerability
  • Steps to reproduce the vulnerability
  • Any other relevant information
  • Contact information

Assuming your vulnerability report is valid, we will respond with a plan to resolve the issue, and will keep you updated on the status of the issue as we work to resolve it.

Modification

Inventor reserves the right to modify this policy at any time, with or without notification.