Katana Pay
Responsible Disclosure Policy

At Katana Pay, we take the security of our systems and the privacy of our users very seriously. If you have discovered a security vulnerability in our systems, we encourage you to report it to us responsibly. We appreciate your assistance in maintaining the security and integrity of our platform.

1. Reporting a Vulnerability

Please report any potential security vulnerabilities to [[email protected]] with the subject line "Security Vulnerability Disclosure."

2. Information to Include in Your Report

To help us understand and address the issue effectively, please include the following information:

• A detailed description of the vulnerability.
• Steps to reproduce the vulnerability.
• Any potential impact the vulnerability may have.
• Your contact information (name, email address).

3. Our Commitment

Upon receiving your report, we will:

• Acknowledge receipt of your report within 3 business days.
• Investigate the reported vulnerability and provide an estimated timeframe for resolution.
• Notify you when the vulnerability has been addressed.

4. Guidelines

To ensure your disclosure is within the bounds of responsible disclosure, please:

• Avoid violating privacy, destroying data, or interrupting our services.
• Give us a reasonable amount of time to address the issue before making any information public.
• Avoid exploiting the vulnerability beyond what is necessary to demonstrate its existence.

5. Recognition

We appreciate your effort in reporting vulnerabilities and, where applicable, we may recognize your contribution. If you wish to remain anonymous, please let us know in your report.

6. Legal Disclaimer

By submitting a vulnerability report, you agree to comply with this Responsible Disclosure Policy. We will not take legal action against security researchers who follow these guidelines and act in good faith.