In scope
Authentication issues, data exposure, scoring integrity problems, and browser-side vulnerabilities.
Security
If you find a security issue, send a concise report with reproduction steps and avoid touching real match or account data that is not yours.
Include the affected route, steps to reproduce, expected behavior, actual behavior, and screenshots or logs when useful.
Use dummy data, avoid denial-of-service testing, and allow time for a fix before public disclosure.