Security Policy
Rib Creative protects the platform through technical and organizational safeguards, but customers also share responsibility for project configuration, exported apps, secrets, end-user data, connected providers, and payment activity.
Customer responsibilities
- Protect account credentials, sessions, OAuth grants, API keys, payment keys, and project secrets.
- Use least-privilege access for workspace members, admins, repositories, databases, and providers.
- Review generated code, dependencies, database rules, auth logic, and payment flows before production.
- Maintain exported apps, dependencies, hosting, backups, patches, monitoring, and incident response.
- Do not paste sensitive secrets or regulated data into prompts unless you are authorized to do so.
Prohibited security activity
Do not perform penetration testing, scanning, fuzzing, scraping, load testing, exploit attempts, social engineering, credential attacks, data exfiltration, or denial-of-service activity against Rib Creative, hosted apps, users, providers, or infrastructure without prior written authorization.
Vulnerability disclosure
If you believe you have found a vulnerability, email support@ribcreative.com with a concise report that includes the affected URL or component, reproduction steps, impact, and any safe proof of concept. Avoid accessing, modifying, deleting, downloading, or disclosing data that does not belong to you.
Safe harbor limits
Rib Creative will not treat good-faith vulnerability reports as policy abuse when the researcher avoids harm, respects privacy, stops after confirming the issue, and gives Rib Creative reasonable time to investigate and remediate. This does not authorize unlawful activity, extortion, public disclosure before remediation, or testing of third-party systems.
Incident handling
Rib Creative may investigate security events, preserve logs, rotate secrets, revoke tokens, suspend access, disable connectors, unpublish apps, contact providers, or notify affected users when needed to protect the platform, customers, end users, or third parties.
