Createnano LLC

Security Policy

Last updated: April 7, 2026

Our Commitment to Security

Createnano LLC takes the security of our systems and user data seriously. We appreciate the work of security researchers and members of the public who help us maintain the security of our products and infrastructure. This policy outlines how to responsibly report security vulnerabilities to us.

Scope

This policy applies to the following systems operated by Createnano LLC:

  • createnano.com and all subdomains
  • speakroar.com and all subdomains
  • Any APIs publicly exposed by these properties

This policy does not apply to third-party services or infrastructure we use (e.g., AWS, Vercel, payment processors). Please report issues in those systems directly to the respective providers.

How to Report a Vulnerability

If you believe you have found a security vulnerability in one of our systems, please report it to us by emailing:

Security Disclosure

security@createnano.com

For critical vulnerabilities, you may also call us at (505) 405-2773.

Please include as much of the following as possible in your report:

  • Type of vulnerability (e.g., XSS, SQLi, IDOR, authentication bypass)
  • URL or system component affected
  • Step-by-step instructions to reproduce the vulnerability
  • Proof-of-concept code or screenshots if available
  • Potential impact of the vulnerability
  • Your name and contact information (optional, for acknowledgment)

What to Expect from Us

  • Acknowledgment: We will acknowledge receipt of your report within 3 business days.
  • Assessment: We will investigate and assess the reported vulnerability within 10 business days.
  • Updates: We will keep you informed of our progress and expected remediation timeline.
  • Resolution: We aim to resolve confirmed vulnerabilities within 90 days, depending on complexity.
  • Disclosure coordination: We will work with you to coordinate public disclosure after the issue is resolved, if desired.

Safe Harbor

Createnano LLC considers security research conducted in good faith and in accordance with this policy to be authorized. We will not pursue legal action against researchers who:

  • Report vulnerabilities in accordance with this policy
  • Make a good-faith effort to avoid privacy violations, data destruction, or service interruption
  • Do not exploit a vulnerability beyond what is necessary to demonstrate the issue
  • Do not access, modify, or delete data belonging to other users
  • Keep the vulnerability confidential until we have addressed it

Out of Scope

The following types of issues are outside the scope of this policy:

  • Denial of service (DoS/DDoS) attacks
  • Social engineering or phishing attacks against Createnano employees or users
  • Physical security issues
  • Vulnerabilities in third-party applications or services
  • Issues that require physical access to a device
  • Automated scanner output without a demonstrated impact

Our Security Practices

  • All data in transit is encrypted using TLS 1.2 or higher
  • Sensitive credentials are stored using industry-standard hashing (bcrypt)
  • We enforce the principle of least privilege for internal system access
  • We conduct periodic security reviews of our codebase and infrastructure
  • Dependencies are monitored for known vulnerabilities

Bug Bounty

We do not currently operate a formal paid bug bounty program. We are grateful for responsible disclosures and will acknowledge researchers publicly (with their consent) and consider compensation for significant findings on a case-by-case basis.