EBANX Security Vulnerability Reporting Policy

SECURITY VULNERABILITY REPORTING POLICY

Thank you for your interest in notifying us about potential security issues in our products. We ask that you follow our responsible reporting process, so that we can reproduce and verify your report.

If you would like to bring security related problems to our attention, you can do so by contacting vulnerability@ebanx.com. We ask that you provide contact details so that we may ask for more information if necessary. Also it's important that you include your PGP public key in your report.

You can download our PGP key.

RESPONSIBLE DISCLOSURE GUIDELINES

• Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC)
• Do all you can to avoid privacy violations, destruction of data and interruption or degradation of our services
• Do not modify or access data that does not belong to you
• Give us a reasonable amount of time to correct the issue before making any information public

We will attempt to respond to you within 1-2 business days. By following our responsible reporting guidelines, we commit to not taking legal action against you or seeking the involvement of law enforcement.