SECURITY AND RESPONSIBLE DISCLOSURE NOTICE
Last Updated: July 11, 2026
Effective Date: July 11, 2026
1. PURPOSE
Cruality LLC uses administrative, technical, and organizational measures designed to protect Crualitics and the personal information processed through it.
No online service can guarantee absolute security. This Notice describes general practices and the process for reporting a suspected vulnerability. It is not a warranty, certification, penetration-test report, or promise that every listed control applies identically to every component at every moment.
2. GENERAL SECURITY PRACTICES
Depending on the system and provider, security measures may include:
- encrypted HTTPS/TLS connections;
- password hashing;
- authentication and access controls;
- rate limiting and abuse prevention;
- provider-managed encryption at rest;
- database access restrictions;
- logging and monitoring;
- backups and recovery procedures;
- dependency and configuration maintenance;
- separation of development and production access where implemented; and
- incident investigation and response procedures.
3. USER RESPONSIBILITIES
Users should:
- use a strong, unique password;
- protect account credentials and devices;
- avoid sharing one-time codes;
- keep contact information current;
- sign out of shared devices;
- report suspected unauthorized access; and
- avoid placing information in the Service that is not reasonably necessary.
4. RESPONSIBLE DISCLOSURE
Report a suspected vulnerability to:
CrualityLLC@gmail.com
Use the subject line:
SECURITY VULNERABILITY REPORT — CRUALITICS
Include, when possible:
- the affected URL, feature, or endpoint;
- a clear description;
- steps to reproduce;
- potential impact;
- screenshots or proof-of-concept material that does not expose unrelated user data; and
- contact information for follow-up.
5. AUTHORIZED RESEARCH CONDITIONS
Cruality LLC asks researchers to:
- act in good faith;
- avoid privacy violations and unauthorized access to user content;
- avoid data destruction, service disruption, social engineering, spam, extortion, or physical testing;
- use the minimum testing necessary to confirm the issue;
- stop testing and report immediately if sensitive information is encountered;
- not publicly disclose an unresolved issue without allowing reasonable time for investigation and remediation; and
- comply with applicable law.
This Notice does not authorize testing that would otherwise be unlawful and does not create a promise of payment or a bug bounty.
6. RESPONSE
Cruality LLC may acknowledge a report, request more information, investigate, and take remediation steps according to severity and available resources.
We cannot guarantee a particular response time, remediation date, reward, or public credit.
7. SECURITY INCIDENTS
If Cruality LLC determines that a security incident requires notice, it will provide notice in accordance with applicable law. The form and timing depend on the facts, legal requirements, law-enforcement considerations, and available contact information.
8. CONTACT
Cruality LLC
Platform: Crualitics
Email: CrualityLLC@gmail.com