Responsible Disclosure

At Softpay we take security seriously and strive to continuously improve.

How do you report?

Send an email to us at responsible-disclosure@softpay.io. We prefer that you use our public PGP key to encrypt and protect the information you send. Please, make sure to include the following information:

Detailed description of the vulnerability, containing such info as URL and type of vulnerability.
CVSS3 SCORE (Common Vulnerability Scoring System)
The necessary information that we need in order to reproduce the problem.
If applicable, a screenshot of the vulnerability you have found.
Contact information, name, email, phone number, and your public PGP key (if you have one)
Technical details (endpoint, vulnerable part - get/post-parameters, cookie, header, path, http-method)

How do you report?

You can report security flaws that you have found on Softpay’s homepage or application. Examples of security flaws are cross-site scripting, flaws in encryption or flaws with security implications in logic controls. The reporting service is not for other logical errors, errors in texts, questions about our services, questions about the security of our services or similar.

What can you expect of Softpay?

We will confirm that we have received your description, continuously keep you updated while we process the issue, and inform you when the issue is fixed.

Claims for compensation as a condition for sending in a vulnerability will not be accepted.

What is required of you?

For the security of Softpay and our customers it's important that you follow good practice, i.e. that:

You do not use the vulnerability to access or attempt to access information that does not belong to you
You do not use the vulnerability to remove or modify information
You do not affect the availability of our services through denial of service attacks
You give us an opportunity to fix the reported vulnerability before going public with it.

What is in scope?

Softpay’s app and website.

Can you file a report anonymously?

Yes, but then we cannot respond back and keep you updated on the status.

PGP key

Key ID: ###

With Softpay any Android device can be your payment terminal in a matter of minutes.

softpay app white-label softpos sdk integrations developer site faq status

Assisted mobile sales Queue busting and pop-up shops emergency POS self checkout

about us partnership find a partner blog MEDIA DOWNLOADS JOBS contact

Responsible disclosure Cookie Policy Privacy Policy Terms & Conditions

Responsible Disclosure

How do you report?

How do you report?

What can you expect of Softpay?

What is required of you?

What is in scope?

Can you file a report anonymously?

PGP key

PRODUCT

USE CASES

COMPANY

Responsible Disclosure

How do you report?

How do you report?

What can you expect of Softpay?

What is required of you?

What is in scope?

Can you file a report anonymously?

PGP key

PRODUCT

USE CASES

COMPANY

Follow us on

Subscribe to our newsletter