Legal

Security & Vulnerability Disclosure

How to report a security vulnerability to undef games, and our safe-harbor commitment.

Effective date: June 28, 2026

We take the security of undef games (operated by MindTenet™ LLC) seriously. If you’ve found a vulnerability, we want to hear from you.

Reporting

Email [email protected] with:

We aim to acknowledge reports promptly and keep you updated as we investigate.

Safe harbor

If you make a good-faith effort to follow this policy, we will not pursue or support legal action against you for your research, and we’ll treat your report as authorized. This safe harbor does not apply if you break the law or the rules below.

Rules of engagement

Please do: test only against your own account or accounts you’re authorized to use; stop as soon as you find an issue and report it; and give us reasonable time to fix it before disclosing publicly.

Please don’t: access, modify, or delete other people’s data; run denial-of-service, spam, or social-engineering attacks; degrade the Services for others; or exfiltrate more data than needed to demonstrate the issue.

Scope

Our production Services and websites are in scope. Third-party services we use (such as Stripe or Cloudflare) have their own disclosure programs — please report issues in their systems to them.

A machine-readable version of this contact is published at /.well-known/security.txt.