This is a public draft for the early Appaloft Cloud website and should be reviewed by counsel before formal commercial launch.
Scope
The Appaloft website, console, authentication, deployment APIs, and official release assets are in priority scope. User-deployed third-party apps are not authorized test targets.
Testing rules
Avoid data destruction, persistence, social engineering, phishing, spam, DDoS, physical attacks, or accessing data you are not authorized to view.
Report content
Include impact, reproduction steps, screenshots or logs, affected URLs/APIs, suggested remediation, and your contact details.
Handling expectations
We will acknowledge reports, assess risk, schedule fixes, and coordinate disclosure timing where appropriate.
Contact
Send reports to [email protected]. Do not disclose exploitable details in public issues.