Security Policy
Security controls, responsible disclosure process, and safe reporting guidance for Spyber Polymath.
Security scope
This Security Policy applies to the public Spyber Polymath website, including pages, contact workflows, project content rendering, and infrastructure-level protections used for availability and abuse prevention.
It does not cover third-party platforms linked from the website, such as external repositories, social networks, sponsorship services, affiliate providers, payment processors, or communication tools controlled by other organizations.
Where a client engagement requires separate contractual controls, those signed terms and security requirements will take priority over this general website policy.
Implemented safeguards
Reasonable technical controls are used to reduce risk, including secure transport expectations, request validation, anti-abuse checks, and defensive browser policy headers where supported by hosting and deployment configuration.
Contact workflows may use challenge-response checks, input constraints, and throttling controls to reduce automated submissions, spam activity, and malicious payload attempts.
Public project content is reviewed and processed with defensive handling to reduce script injection and unsafe markup risks before rendering in the website interface.
Responsible disclosure
If you discover a potential security issue, report it privately to [email protected] with clear reproduction steps, affected URLs, observed impact, and suggested mitigations where possible.
Do not publicly disclose a suspected vulnerability before remediation is confirmed. Coordinated, good-faith disclosure helps protect visitors and prevents avoidable exploitation.
Testing that causes service disruption, unauthorized data access, social engineering, or denial-of-service behavior is not authorized without explicit prior written permission.
Data handling in security events
Security monitoring and anti-abuse controls may process limited technical metadata such as IP information, request timing, user-agent patterns, and validation outcomes for defensive purposes.
Security-related logs are retained only as long as reasonably needed for incident investigation, abuse prevention, and operational integrity, then rotated or deleted according to practical retention limits.
Spyber Polymath does not intentionally collect passwords, private keys, or production secrets through ordinary website forms. Sensitive credentials should never be shared through public contact channels.
No absolute guarantee
No internet-facing system can guarantee complete protection at all times. Security controls reduce risk but cannot eliminate every threat, vulnerability, or third-party dependency failure.
Visitors and collaborators should apply their own security review and validation before relying on any technical content, code, or operational recommendations published on this website.
This policy may be updated as infrastructure, threat models, legal obligations, and operational practices evolve. The updated date reflects the latest revision.
For questions about this page, contact [email protected].