Security
Vulnerability Disclosure Policy
How security researchers and users can report vulnerabilities safely and responsibly.
- Owner
- Security
- Effective from
- 8 July 2026
- Last reviewed
- 8 July 2026
- Review cycle
- Annual or following material change
At a glance
Finpliq welcomes responsible reports of security vulnerabilities.
Testing must not harm customers, access data without permission or disrupt service.
Full policy
Reports should include the affected URL or feature, steps to reproduce, impact, evidence and contact details.
Researchers must avoid destructive testing, social engineering, denial-of-service, spam, persistence, data exfiltration and access to other users' records.
Finpliq will review, triage and remediate valid reports based on risk and may request additional information.