Responsible Disclosure Policy
At Payl8r, we take the security of our systems seriously. We are committed to ensuring that our services are safe for all users, and we appreciate the efforts of security researchers in helping us achieve this goal.

If you believe you have discovered a security vulnerability, we encourage you to responsibly disclose it to us. Please follow the guidelines below when reporting security issues:

Guidelines
Do not attempt to exploit the vulnerability beyond the scope needed for testing. This includes:

Avoid accessing or modifying data that does not belong to you.
Do not disrupt our services or cause any downtime.
Do not publicly disclose the vulnerability until we have had a chance to investigate and fix the issue.

Provide a detailed report including:

The steps to reproduce the vulnerability.
Potential impact.
Any relevant screenshots, logs, or supporting information.
Use our PGP key to securely communicate the details of the vulnerability. Download PGP key: https://www.payl8r.com/publickey.asc

Respect the privacy of our users and the integrity of our services when researching vulnerabilities.

What You Can Expect
We will acknowledge receipt of your vulnerability report within 5 business days.
We will work with you to understand and resolve the issue as quickly as possible.
If you follow these guidelines, we commit to not initiating legal action against you.
Scope
The following areas are within the scope of this policy:

The Payl8r website (https://www.payl8r.com)
Any publicly accessible Payl8r APIs
Out of Scope
Denial of Service (DoS) attacks
Physical attacks
Social engineering (including phishing) attacks against our employees or users
How to Report
To report a vulnerability, please contact us at it@payl8r.com and use our PGP key for encryption. You can find our PGP key here: https://www.payl8r.com/publickey.asc