Responsible Disclosure Program

At NayaPay, we prioritize the security of our systems, data, and most importantly, our customers. We champion the critical role that ethical hackers and security researchers play in enhancing cybersecurity. With our Responsible Vulnerability Disclosure Program, we invite security researchers and experts to help us identify any vulnerabilities in our systems responsibly.

Program Scope

All subdomains under *.nayapay.com
NayaPay's Android and iOS apps

Note: The NayaPay help website and Sandbox environments are outside the program's scope. You can find a list of Out of Scope Vulnerabilities here.

Guidelines

Before you start, make sure your findings are actionable and relevant.

Clear and Detailed Reporting

Describe the vulnerability succinctly, specifying the area of the system where it was discovered, and the potential impact. The clearer your report, the faster we act.

Respect Privacy

Avoid actions that could compromise data integrity or user experience. While researching, refrain from actions that could harm the availability or integrity of our services. Do not access or modify data that doesn’t belong to you.

Play by the Rules

If a vulnerability provides unintended access to data, please limit the amount of data you access to the minimum required to effectively demonstrate a Proof of Concept. If you encounter any user data during testing, cease testing and submit a report immediately.

Confidentiality is Key

Keep your findings under wraps until we have effectively addressed them.

Submit Your Research

Send us your detailed report via email to security@nayapay.com, adhering to the provided guidelines. Use our PGP key for encryption to ensure communication security. You can download the necessary software and find our current PGP key here.

Criteria
Security Impact
Test Boundaries
Explanation
Proof-of-Concept
No Social Engineering

Terms and Conditions


Out of Scope Vulnerabilities
