Security

Security Policy

Effective date: May 7, 2026. This page describes RIPTON CLOUD's security posture, vulnerability reporting process, and testing expectations.

Security controls buyers can inspect

Encryption is mandatory

RIPTON CLOUD is designed so transfers cannot be run in plaintext. Packet payloads are encrypted and authenticated as part of the protocol.

Forward-secret sessions

Session keys are derived per session so compromise of one session does not expose previous or future sessions.

Replay and tamper protection

Authenticated packets, sequence handling, and replay windows are used to detect modification, injection, and replay attempts.

Operational visibility

Structured transfer records, transfer identifiers, session identifiers, and error events are designed to support debugging and security review without exposing key material.

Reporting a vulnerability

If you believe you have found a security issue in RIPTON CLOUD, email security@riptoncloud.com. If that address is unavailable, use hello@riptoncloud.com with "Security report" in the subject line.

  • Describe the issue, affected component, and security impact.
  • Include clear reproduction steps, proof-of-concept code if useful, and relevant logs or screenshots.
  • Avoid accessing, modifying, deleting, or exfiltrating data that does not belong to you.
  • Avoid actions that degrade service availability, such as denial-of-service testing, spam, brute force, or destructive testing.
  • Give RIPTON CLOUD reasonable time to investigate and remediate before public disclosure.

Safe harbor

RIPTON CLOUD will not pursue legal action against researchers who act in good faith, avoid privacy violations and service disruption, report issues promptly, and follow this policy. This safe harbor does not apply to unlawful activity, extortion, data theft, destructive testing, or attacks against third parties.

Out of scope

  • Reports based only on missing security headers without a practical exploit path.
  • Social engineering, phishing, or physical attacks.
  • Denial-of-service or resource exhaustion testing.
  • Automated scanner output without validated impact.
  • Issues in third-party services unless they create a direct, exploitable risk to RIPTON CLOUD users.

Security review

Technical buyers can request a cryptographic design summary during evaluation. RIPTON CLOUD does not ask prospects to send sensitive production data through website forms. Evaluation data and deployment requirements should be discussed directly before testing sensitive workflows.