Operative — legal review in progress
This policy is current and operative; a final legal review is in progress — last updated 2026-07-11. It is written to be clear and protective, but it is not legal advice. If anything here conflicts with a signed agreement between you and Champlin Enterprises, that agreement controls.
How to report
Email security@safehavenkink.com with the details — what you found, where, and how to reproduce it. Encrypt if you can (PGP key on request). Please give us a reasonable window to fix it before any public disclosure.
Safe harbor
If you act in good faith under this policy — you don’t access more data than needed to demonstrate the issue, you don’t degrade the service, and you don’t disclose it publicly before we’ve fixed it — we will not pursue legal action, and we’ll credit you (if you want) once it’s resolved.
In scope
Anything affecting the confidentiality, integrity, or availability of member data or the platform: authentication, access control, injection, the DM/media pipeline, the moderation tooling.
Out of scope
Spam, social-engineering of our staff or members, physical attacks, and reports from automated scanners with no demonstrated impact.
We’re a small independent studio — we don’t run a paid bounty yet, but real, novel findings will be recognized and, where we can, rewarded.
Related policies