Website Vulnerability Disclosure

Help us improve our security by responsibly disclosing vulnerabilities

Our Commitment to Security

At iPaha Ltd, we take the security of our systems seriously. We appreciate the efforts of security researchers and the responsible disclosure of vulnerabilities. If you believe you've found a security issue in our systems, we encourage you to notify us immediately.

We will investigate all legitimate reports and do our best to quickly fix the problem. Before reporting though, please review this page, including our responsible disclosure policy, our scope, and our rewards.

Scope

In Scope

  • Main website (https://www.ipahait.com)
  • Mobile applications (iOS and Android)
  • API endpoints (https://api.ipahait.com)
  • Customer portals (https://portal.ipahait.com)

Out of Scope

  • Third-party services or websites
  • Physical security vulnerabilities
  • Social engineering attacks
  • Denial of Service (DoS) attacks

Responsible Disclosure Policy

  • Provide us with enough information to reproduce the vulnerability.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
  • Do not access or modify user data without explicit permission of the account owner.
  • Give us reasonable time to address the issue before making any information public.
  • Do not use automated tools to test our systems without our explicit permission.

How to Report a Vulnerability

If you believe you've found a security vulnerability, please send us a description of the issue and any related information (logs, screenshots, etc.) to our security team.

We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.