Skip to main content
Finpliq
Start free
← Policy library

Security

Vulnerability Disclosure Policy

How security researchers and users can report vulnerabilities safely and responsibly.

Owner
Security
Effective from
8 July 2026
Last reviewed
8 July 2026
Review cycle
Annual or following material change

At a glance

Finpliq welcomes responsible reports of security vulnerabilities.

Testing must not harm customers, access data without permission or disrupt service.

Full policy

Reports should include the affected URL or feature, steps to reproduce, impact, evidence and contact details.

Researchers must avoid destructive testing, social engineering, denial-of-service, spam, persistence, data exfiltration and access to other users' records.

Finpliq will review, triage and remediate valid reports based on risk and may request additional information.