Security at Spikes Media
An overview of how we protect data and the practices behind our platform. We treat security as an ongoing commitment, not a checkbox.
Last updated: June 18, 2026
Reporting a vulnerability
We welcome reports from security researchers. If you believe you have found a vulnerability, email hello@spikesmedia.com. Please include enough detail to reproduce the issue. Our machine- readable contact details follow RFC 9116.
We ask that you give us a reasonable opportunity to investigate and remediate before any public disclosure, and that you avoid privacy violations, data destruction, and service disruption while testing. We will not pursue legal action against good-faith research conducted under these guidelines.
Encryption
All traffic to our websites and services is served over HTTPS and we enforce HTTP Strict Transport Security (HSTS). Data is encrypted in transit using modern TLS, and data at rest is encrypted by our infrastructure providers.
Application & platform hardening
Our web properties ship with a Content Security Policy and the standard set of security response headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy) to reduce the risk of cross-site scripting and clickjacking.
Access control
Access to systems and data follows the principle of least privilege. Administrative accounts require multi-factor authentication, and access is reviewed on a recurring basis.
Data handling
We do not sell personal data and we do not use client data to train machine-learning models. For details on what we collect and how it is used, see our Privacy Policy.