Report a Security Issue
If you believe you have found a vulnerability in Racey, please report it privately so we can investigate and protect users before details are shared publicly.
Email support@racey.gg with the subject line Security report.
Include the affected URL or feature, steps to reproduce, expected impact, and any screenshots or logs that do not expose another user's private data.
- Do not access, modify, delete, or exfiltrate another user's data.
- Do not run denial-of-service, spam, automated scraping, or quota-exhaustion tests.
- Do not attempt persistence, lateral movement, or social engineering.
- Use your own account and stop testing once you have enough evidence to report.
We prioritize reports involving authentication, authorization, payment flows, private league data, account takeover, sensitive token exposure, and cross-tenant data access.
This is a private disclosure channel, not a public bug bounty program. We do not currently offer monetary rewards.
For ordinary product bugs or support questions, use the signed-in feedback button or the public contact form.