MORE VIDEOS
Mag-explore pa

Security Policy & Responsible Disclosure

Effective Date: 2026

Last Updated: 2026

This Security Policy & Responsible Disclosure page explains how users, researchers, developers, creators, and members of the public can report security issues, vulnerabilities, abuse, exposed data, suspicious activity, or technical risks affecting Playflick.com, operated by Playflick™ Media .ltd.

Playflick takes platform security seriously. We want to protect users, creators, advertisers, payment systems, content, accounts, personal data, and the wider Playflick community.

This policy should be read together with our Terms of Service, Privacy Policy, Cookie Policy, Acceptable Use Policy, API & Developer Terms, Online Safety Policy, and Community Guidelines.

1. Who We Are

Operator: Playflick™ Media .ltd

Website: https://playflick.com

Business Address:
41 Norman Avenue
London
N22 5ES
United Kingdom

Security Contact Email: hello@playflick.com
Contact Page: https://playflick.com/contact-us

2. Purpose of This Policy

This policy is designed to help security researchers and users report security issues safely and responsibly.

We encourage responsible reporting of genuine vulnerabilities so we can investigate and improve Playflick’s security.

This policy does not give permission to attack, disrupt, damage, access, copy, extract, modify, or misuse Playflick systems, data, users, accounts, content, payments, or third-party services.

3. What You Can Report

You may report security issues such as:

  • Account takeover vulnerabilities
  • Authentication bypass
  • Authorisation issues
  • Cross-site scripting
  • SQL injection
  • Command injection
  • Server-side request forgery
  • Remote code execution
  • File upload vulnerabilities
  • Access control weaknesses
  • Exposed API keys, tokens, credentials, or secrets
  • Data exposure
  • Insecure direct object references
  • Payment security concerns
  • API security issues
  • Privilege escalation
  • Session security problems
  • Misconfigured storage or public files
  • Security issues affecting users, creators, advertisers, or administrators

4. How to Report a Security Issue

Please report security issues to:

Email: hello@playflick.com
Contact Page: https://playflick.com/contact-us

Please include:

  • A clear description of the security issue
  • The affected URL, endpoint, page, feature, or system
  • Steps to reproduce the issue safely
  • Screenshots or screen recordings, if helpful
  • The browser, device, or tools used
  • The possible impact of the issue
  • Your contact details if you want a response
  • Whether any data may have been accessed accidentally

Please do not include unnecessary personal data, passwords, full payment details, or private information belonging to other users.

5. Responsible Disclosure Rules

If you discover a vulnerability, you must act responsibly.

You must:

  • Report the issue promptly to Playflick
  • Use only your own account or test account where possible
  • Stop testing immediately if you access data that does not belong to you
  • Avoid accessing, copying, modifying, deleting, or sharing user data
  • Avoid disrupting Playflick services
  • Give us reasonable time to review and address the issue before public disclosure
  • Keep vulnerability details confidential until we have investigated
  • Follow applicable laws and this policy

6. Prohibited Security Testing

You must not perform testing that harms Playflick, users, creators, advertisers, payment systems, infrastructure, or third-party services.

Prohibited activity includes:

  • Denial-of-service attacks
  • Traffic flooding
  • Spam attacks
  • Brute-force attacks
  • Password spraying
  • Credential stuffing
  • Phishing
  • Social engineering
  • Physical attacks
  • Malware deployment
  • Ransomware
  • Data exfiltration
  • Accessing accounts without permission
  • Changing or deleting data that is not yours
  • Downloading videos, private files, databases, backups, or logs without permission
  • Testing payment systems with stolen or unauthorised payment methods
  • Attacking third-party services used by Playflick
  • Attempting to access admin panels, staff accounts, internal systems, or hosting accounts without permission
  • Publicly disclosing a vulnerability before Playflick has had a reasonable opportunity to investigate

This policy does not authorise illegal activity, unauthorised access, or harmful testing.

7. Out-of-Scope Reports

Some reports may be considered low priority or out of scope unless they show a clear security impact.

Examples may include:

  • General best-practice suggestions without a demonstrated vulnerability
  • Missing security headers with no clear exploit path
  • Clickjacking reports on pages that do not expose sensitive actions
  • Self-XSS requiring users to paste code into their own browser console
  • Logout CSRF without demonstrated security impact
  • Rate-limit concerns without abuse impact
  • Username or email enumeration without a practical exploit
  • Reports generated only by automated scanners without verification
  • Known public issues in third-party software where no Playflick-specific impact is shown
  • Social engineering or phishing simulations
  • Physical security issues
  • Issues affecting outdated browsers or unsupported devices only

We may still review such reports, but we may not respond in detail to every out-of-scope submission.

8. Data Handling During Security Research

If you accidentally access personal data, private content, credentials, logs, payment information, or other sensitive data while testing, you must stop immediately and report the issue.

You must not:

  • Copy the data
  • Save the data
  • Share the data
  • Modify the data
  • Delete the data
  • Use the data
  • Contact affected users directly
  • Publicly disclose the data

Tell us what happened, what data may have been exposed, and how the exposure occurred.

9. No Bug Bounty Unless Stated

Playflick does not currently guarantee payment, rewards, bounties, compensation, gifts, credits, public recognition, or employment opportunities for security reports unless we expressly agree in writing.

Submitting a report does not create any right to payment or reward.

10. Good-Faith Reports

We appreciate good-faith reports that help improve Playflick’s security.

If you follow this policy and act responsibly, we will aim to review your report in good faith.

However, we may take action if your activity is harmful, unlawful, abusive, disruptive, extortionate, deceptive, or outside this policy.

11. Extortion and Threats

You must not use a vulnerability, report, or security issue to threaten Playflick, users, creators, advertisers, staff, or third parties.

Prohibited behaviour includes:

  • Demanding payment to avoid disclosure
  • Threatening to leak data
  • Threatening to damage systems
  • Threatening to contact users or media unless paid
  • Using a vulnerability for blackmail
  • Selling vulnerability details to third parties

We may report extortion, threats, data theft, or harmful activity to law enforcement.

12. Security of Your Own Account

Users are responsible for keeping their own Playflick accounts secure.

We recommend that users:

  • Use a strong and unique password
  • Do not reuse passwords from other websites
  • Keep email accounts secure
  • Enable two-factor authentication where available
  • Do not share login details
  • Be careful with suspicious links or messages
  • Log out from shared devices
  • Keep browsers and devices updated
  • Report suspicious account activity promptly

13. Reporting Account Compromise

If you believe your Playflick account has been hacked, accessed without permission, or used fraudulently, contact us.

Email: hello@playflick.com

Please include:

  • Your account email
  • Your username or channel name
  • A description of what happened
  • When you noticed the issue
  • Any suspicious emails, links, transactions, uploads, messages, or account changes

We may need to verify your identity before helping with account recovery.

14. Playflick Security Measures

Playflick may use technical and organisational measures to protect the platform.

These may include:

  • SSL/TLS encryption
  • Password hashing
  • Access controls
  • Administrative permissions
  • Logging and monitoring
  • Security reviews
  • Anti-spam systems
  • Fraud detection
  • Rate limiting
  • Backups
  • Server hardening
  • File upload controls
  • Moderation tools
  • Third-party security services where appropriate

No online service is completely secure, and we cannot guarantee that Playflick will be free from every vulnerability, attack, bug, outage, or security incident.

15. Third-Party Services

Playflick may use third-party services for hosting, storage, payments, analytics, email, security, advertising, content delivery, video processing, livestreaming, push notifications, login, and other features.

Security issues affecting third-party services should generally be reported to those third parties directly, unless the issue directly affects Playflick users or Playflick systems.

16. Investigation and Response

After receiving a security report, Playflick may:

  • Review the report
  • Request more information
  • Attempt to reproduce the issue
  • Assess severity and impact
  • Apply fixes or mitigations where appropriate
  • Notify affected users where required
  • Notify regulators or authorities where required
  • Preserve logs or evidence
  • Restrict accounts or access if abuse is detected

We may not provide detailed information about internal systems, security controls, fixes, investigations, or affected data where doing so may create security, privacy, legal, or operational risk.

17. Public Disclosure

Do not publicly disclose vulnerability details before Playflick has had a reasonable opportunity to investigate, validate, and address the issue.

Public disclosure without coordination may put users, creators, advertisers, data, or systems at risk.

We may ask you to delay disclosure while we investigate and apply reasonable fixes or mitigations.

18. Legal Notice

This policy is not permission to break the law or access systems, data, accounts, or content without authorisation.

Playflick reserves all rights and remedies where activity is unlawful, harmful, abusive, fraudulent, disruptive, extortionate, or outside this policy.

19. Changes to This Security Policy

We may update this Security Policy & Responsible Disclosure page from time to time.

Changes may reflect new security practices, technical systems, reporting processes, legal requirements, or platform features.

20. Contact Us

For security reports, vulnerability reports, account compromise, exposed data, or suspicious technical activity, contact:

Playflick™ Media .ltd
41 Norman Avenue
London
N22 5ES
United Kingdom

Security Email: hello@playflick.com
Contact Page: https://playflick.com/contact-us
Website: https://playflick.com

21. Footer Notice

© 2026 Playflick™ Media .ltd. All rights reserved.
Playflick™ is a trademark of Playflick™ Media .ltd.