Security and Responsible Disclosure

This page describes how WarpSite approaches the security of its platform and how security researchers can report potential vulnerabilities to us. We take the protection of agency and end-client data seriously, and we welcome good-faith reports that help us keep the platform safe.

Last updated: June 11, 2026

WarpSite is a self-hosted, white-label client-site platform used by marketing agencies to build, host, and manage websites for their own clients. Security is built into how we design, operate, and maintain the platform. The summary below describes our practices at a high level and is not an exhaustive technical specification.

• Encryption in transit. Traffic to and from the platform, the admin interface, and the websites we publish is served over HTTPS using current TLS encryption. We work to keep visitor and operator data protected as it moves across networks.
• Access controls and least privilege. Access to production systems and data is restricted to the people who need it to do their jobs, and only to the extent they need it. We use role-based access and follow the principle of least privilege.
• Reputable infrastructure providers. We build on established, security-focused providers. Cloudflare, Inc. provides static site hosting, content delivery, and object storage, and Railway Corp. provides application hosting and our PostgreSQL database. These providers maintain their own security and compliance programs. You can review the full list of providers we rely on on our sub-processors page.
• Tenant isolation. The platform is multi-tenant by design. Each agency and its client sites are logically separated so that one tenant cannot access another tenant's content, media, or data.
• Regular updates. We keep our application and its dependencies maintained, and we apply security-relevant updates as part of our normal operations.

No system can be guaranteed to be perfectly secure. We treat security as an ongoing process and continue to improve our practices over time.

We value the work of the security research community. If you believe you have found a security vulnerability in the WarpSite platform or our marketing website, we want to hear from you. This policy explains how to report an issue in good faith and what you can expect from us in return.

Please send your report by email to [email protected]. To help us understand and resolve the issue quickly, please include as much of the following as you can:

• A clear description of the vulnerability and the type of issue it is.
• Step-by-step instructions to reproduce the issue.
• The potential impact, including what an attacker could do if the issue were exploited.
• Any proof-of-concept code, screenshots, request or response samples, or other supporting material.
• The affected URL, page, or component, and any account or environment details relevant to the report.

Please give us a reasonable amount of time to investigate and address the issue before disclosing it publicly. We will work with you in good faith and keep you informed of our progress.

This policy covers the WarpSite platform and our marketing website. Vulnerabilities that affect the confidentiality, integrity, or availability of these systems are in scope.

The following are out of scope, and reports limited to these items will generally not be eligible for acknowledgment:

• Denial-of-service or distributed denial-of-service attacks, and volumetric or resource-exhaustion testing.
• Social engineering of our staff, customers, or contractors, including phishing.
• Physical attacks against our offices, equipment, or personnel.
• Automated scanner output submitted without a demonstrated, exploitable impact.
• Vulnerabilities in third-party services, providers, or software that we do not control. Please report those to the responsible vendor.

If you make a good-faith effort to comply with this policy during your security research, we will consider your testing to be authorized, and we will not pursue or support legal action against you in connection with that research. To remain within this safe harbor, you must:

• Avoid violating the privacy of others, including accessing, downloading, or storing more data than is necessary to demonstrate the issue.
• Avoid destroying, altering, or corrupting any data.
• Avoid disrupting or degrading our services or those of our customers and providers.
• Stop testing and report to us immediately if you encounter any personal data, and do not access, save, or share it beyond what is needed to report the issue.

If legal action is initiated by a third party against you for activities that you conducted in good faith under this policy, we will take reasonable steps to make it known that your actions were authorized. This safe harbor does not apply to activity that violates the law or that falls outside the scope described above.

When you submit a report that follows this policy, we will acknowledge receipt, review the issue, and work to validate and remediate confirmed vulnerabilities as quickly as is practical given the severity. We will keep you reasonably informed throughout the process.

WarpSite does not currently operate a paid bug bounty program, so reports are not eligible for monetary rewards at this time. We genuinely appreciate the effort that responsible disclosure takes, and with your permission we are happy to credit you for a valid, original report once the issue has been resolved.

To report a security issue or to ask a question about this policy, email us at [email protected] or write to us at Andrew Lee Jenkins LLC, 8401 Mayland Dr #10872, Richmond, VA 23294, United States.

We may update this Security and Responsible Disclosure page from time to time as our practices and the platform evolve. When we make changes, we will revise the "Last updated" date at the top of this page. We encourage you to review this page periodically.

This page is provided for general informational purposes only and does not constitute legal advice.