This document outlines the measures we take to protect your data and the responsibilities of users to maintain security.
To contact someone regarding security, please send a mail in-game to tiksan [2383326] with the title "[Security] - Brief description".
- Access to user data is restricted to authorized personnel only.
- We retain user data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy. Users can request deletion of their data at any time.
- Users are responsible for maintaining the confidentiality of their API keys and the security of their Tornium account. We recommend using two-factor authentication to further secure your account.
- Users are encouraged to report any suspicious activity or security incidents immediately to tiksan as outlined in Contact Details.
If you think you have found a potential security vulnerability in Tornium, please contact tiksan via Torn as described in Contact Details.
If English is not your first language, please try to describe the problem and its impact to the best of your ability. For greater detail, please use your native language and we will try our best to translate it using online services.
Describe the potential vulnerability and its potential impact to the best of your ability. If you know of a potential fix, feel free to include it in your message.
Once you have reported the potential vulnerability, we will respond to you within three days at most. If we fail to respond within this timeframe and you believe the issue is serious enough (e.g. API key leakage), you are welcome to elevate this to Torn staff. If we were able to rapidly reproduce the issue, the initial response will also contain confirmation of the issue. If we are not, we will often ask for more information about the reproduction scenario.
Once a fix is released or if the vulnerability is not addressed within 30 days, you are free to disclose the vulnerability. Otherwise, please do not disclose the vulnerability until a fix is released.