IdeaTwister is a hosted service. Your prompts are processed on our infrastructure with a zero-data-retention AI provider, your dashboard sits behind an unguessable URL, and we collect only what we need to deliver and bill the run.
Security Policy
Reporting a vulnerability
Please do not open a public GitHub issue for security problems.
Instead, email hello@ideatwister.com with:
- A description of the issue
- Steps to reproduce
- The dashboard URL or run identifier if relevant
- Your name and contact info if you'd like credit in a fix
We aim to acknowledge reports within 72 hours and ship a fix within two weeks for confirmed issues.
What counts
Anything that could let someone:
- Read another user's idea, run metadata, or dashboard
- Bypass payment for a paid run
- Compromise our hosted infrastructure or the data we store on behalf of users
- Hijack the dashboard delivery email or status page
Things that do not count: vulnerabilities in upstream dependencies that already have a CVE filed, or general "AI can produce wrong output" reports.
Scope
This policy covers the IdeaTwister hosted product at ideatwister.com. Vulnerabilities in third-party AI providers, payment processors, or infrastructure vendors we use should be reported to those vendors directly.
Disclosure
We coordinate disclosure with reporters. Once a fix ships, we credit reporters publicly unless they prefer otherwise.