Coordinated Vulnerability Disclosure
Last updated: 5 November 2025
Security is important to Data Craftsman. We welcome reports of potential vulnerabilities discovered in our website and services and we are committed to working with the community to verify, reproduce, and remediate issues in a timely and responsible manner.
Scope
This policy applies to publicly accessible web properties operated by Data Craftsman, including:
- datacraftsman.com.au
Out of scope:
- Third-party platforms, services, or libraries we rely on
- Social engineering, physical security, or non-technical attacks
- Denial of Service (DoS/DDoS), spam, and volumetric attacks
- Automated scanning that degrades service quality
Safe Harbour
If you make a good-faith effort to comply with this policy while researching and reporting a vulnerability, we will not initiate legal action against you for your research activities. We ask that you:
- Avoid privacy violations and data destruction
- Only access data you own or have explicit permission to access
- Avoid service degradation or disruption
- Do not exfiltrate data; use minimal proof of concept
- Give us reasonable time to remediate before public disclosure
How to Report
Email: support@mail.datacraftsman.com.au
Please include the following:
- Summary of the issue and potential impact
- Steps to reproduce (clear, deterministic)
- Affected URL(s), parameters, and HTTP requests/responses where relevant
- Any screenshots, PoC code, or short video demonstrating the issue
- Your contact details for follow-up
Response Targets
- Acknowledgement: within 7 business days
- Initial triage: within 10 business days
- Remediation timeline: based on severity and complexity
We may provide status updates during investigation and remediation. Once resolved, we may credit your contribution with your consent.
Recognition & Rewards
We do not operate a bug bounty program at this time. Responsible reports are appreciated and may be acknowledged publicly with your consent.
Responsible Disclosure
Do not publish or share details of the vulnerability until we have confirmed remediation or mutually agreed a disclosure timeline. If the issue affects a third-party dependency, we may coordinate with that vendor or maintainer.
Disclaimer
The information provided on this website does not constitute professional advice, and should not be relied upon as such. No client relationship is formed by accessing or using this website. Users are advised to seek their own professional advice before acting on any information provided or generated herein. datacraftsman.com.au and its contributors accept no liability for any loss, injury or damage caused by reliance on the information provided or generated.