fanhaze
Responsible disclosure

Security at Fanhaze

We take the security of our creators and fans seriously. If you believe you've found a vulnerability, we want to hear from you — and we'll work with you to confirm and fix it quickly.

How to report

Email security@fanhaze.com with enough detail for us to reproduce the issue. Please include:

Our machine-readable contact details are published at /.well-known/security.txt (RFC 9116).

Our commitment to you (safe harbor)

If you make a good-faith effort to follow this policy, we will not pursue or support legal action against you for your research, and we'll treat your report confidentially. We'll acknowledge your report, keep you updated as we investigate, and let you know when the issue is resolved. With your permission, we're glad to publicly credit you once a fix has shipped.

Please do

Please don't

Scope

Our web platform and API are in scope. Generally out of scope: reports with no realistic security impact (e.g. missing best-practice headers without a demonstrated exploit), denial-of-service, spam or rate-limit volume tests, and issues requiring a rooted/jailbroken device or an already-compromised account.

Response targets

We aim to acknowledge new reports promptly and to prioritize by severity — critical issues affecting user safety or data are actioned immediately. We'll keep you informed through to a fix.

Looking to report abusive content or appeal a moderation decision instead? See the Trust Center.

18+

Adults only — 18+

This site contains adult content intended for adults aged 18 or older. By entering you confirm that you are at least 18 and that viewing adult content is legal where you live.

Leave

Region-restricted where required by law.