Security & Vulnerability Disclosures
Last Updated: June 2026
Our Architectural Baseline
At Joystack, we prioritize robust full-stack engineering standards. By decoupling frontends onto global edge layers (like Cloudflare Pages) and securing backend Django APIs through strict proxy connection pools, we proactively minimize typical surface vectors for DDoS and malicious database injections.
Vulnerability Reporting Policy
We welcome white-hat research and testing targeting our public-facing endpoints. If you identify a security flaw, authentication bypass, or infrastructure configuration oversight, please report it directly to our engineering lead before making any public disclosures.
Submission Guidelines
When routing threat vectors to our technical team, please include a comprehensive trace, including explicit reproduction steps, target endpoint payloads, and potential impact assessments. We will review your brief within 48 business hours to establish a patch sequence.
Exclusions
Automated spam volume scripts, social engineering schemes against our specialized development team, or brute-force testing targeting client subdomains are strictly outside the boundaries of permissible evaluation.