Firebreak Academy Return to academy

Trust and security

Ownership, contact, and security posture for Firebreak Academy.

Firebreak Academy is a standalone training site for safe workplace AI use. This page gives reviewers, workplace security teams, and automated scanners a plain source of truth for the production origin and public security posture.

Updated 2026-04-28 Canonical https://firebreak.academy/trust

Scope

The canonical production origin is https://firebreak.academy. Public metadata, sitemap entries, and disclosure references should use that origin.

  • Firebreak Academy stands on its own as a training and simulation experience.
  • Old public download URLs are intentionally retired and return 410 Gone.
  • The site is not intended to collect payments, payment cards, or unmanaged uploads.

Security Posture

The production site uses HTTPS, security response headers, crawler files, and an authenticated feedback API. Public downloads are not available from the live site.

  • /robots.txt and /sitemap.xml are explicit static files.
  • /downloads/* returns 410 Gone with noindex guidance.
  • /api/feedback requires authentication before reads or writes.
  • /.well-known/security.txt provides the current disclosure path.

Contact

Security reports and legitimacy questions can be sent to krisdoesmusic@gmail.com. Please include the URL, timestamp, browser or scanner name, and the smallest safe reproduction steps. Do not send sensitive third-party data in the first report.

Disclosure scope: use this channel for vulnerability reports and site legitimacy questions. It is not an incident-response hotline.

Firebreak Academy publishes this page to keep ownership, crawler, and security contact signals easy to verify.