Vulnerability Disclosure Policy
How security researchers and users can report vulnerabilities safely and responsibly.
At a glance
- Finpliq welcomes responsible reports of security vulnerabilities.
- Testing must not harm customers, access data without permission or disrupt service.
Full policy
- Reports should include the affected URL or feature, steps to reproduce, impact, evidence and contact details.
- Researchers must avoid destructive testing, social engineering, denial-of-service, spam, persistence, data exfiltration and access to other users' records.
- Finpliq will review, triage and remediate valid reports based on risk and may request additional information.