SECURITY POLICY
mwmsc.net
Last revised April 15, 2026
This security policy outlines what steps we take to ensure the security of our web service and the data we collect.
When you use mwmsc.net and its subdomains, the data we collect includes:
- Information about your requesting browser, such as:
- your IP address; and
- your user agent; and
- Your session cookie, if set by mwmsc.net.
This data is accessible to administrators of the web service, namely Michael Wong. Data is not shared or sold to any third party and is only used for audience analysis and security purposes.
Your session cookie is not retained by our servers, and we cannot identify a given user based on the session cookie. Logging data, which consists of your IP address and user agent, is retained for 30 days.
This web service uses static pages for most non-dynamic content, and access to public dynamic content, namely the redirection service, does not expose any personal information.
Administrator pages and the back-end API are secured by Cloudflare Access, providing secure access to authorized users only. The JSON Web Token used by Access is also validated at each request to the admin pages and API to provide identity authentication and authorization.
The only individual who can authorize use of the administrator pages and the API is Michael Wong.
System databases can only be modified using the API, either by fetching it directly or using the administrator pages.
Under the terms of use, you may not attempt to bypass our security measures or access the administrator pages or API without authorization. However, bona fide security researchers who discover a vulnerability, do so responsibly (maintaining the availability of the service), do not read data from the logging system, and promptly report it to the contact listed at the end of this policy may test the security of this service.
To report a security concern or vulnerability, please contact the webmaster at https://michaelwongmusic.com/contact