Responsible Disclosure Policy
Last Updated: April 1, 2026
1. Introduction
TransactBridge is committed to maintaining the security, integrity, and availability of its platform, systems, and user data.
We recognize that security researchers and members of the public may identify potential vulnerabilities. This Responsible Disclosure Policy outlines how such vulnerabilities can be reported responsibly and how TransactBridge handles these reports.
We encourage responsible disclosure to help us improve the security of our services.
2. Scope
This Policy applies to vulnerabilities discovered in:
- TransactBridge websites and web applications
- Merchant dashboards and user portals
- APIs and integration endpoints
- Publicly accessible systems operated by TransactBridge
This Policy does not apply to:
- Third-party services not controlled by TransactBridge
- Social engineering or phishing attacks
- Physical security testing without authorization
3. Reporting a Vulnerability
If you believe you have identified a security vulnerability, please report it promptly to:
compliance@transactbridge.com
Your report should include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Affected URLs, systems, or endpoints
- Any supporting evidence (e.g., screenshots, logs, proof-of-concept)
Providing detailed and accurate information will assist us in timely investigation and remediation.
4. Responsible Testing Guidelines
When conducting security research, you agree to:
- Act in good faith and comply with all applicable laws and regulations
- Avoid accessing, modifying, or deleting data that does not belong to you
- Avoid disrupting or degrading TransactBridge services
- Avoid automated scanning that may impact system performance
- Not perform denial-of-service (DoS/DDoS) attacks
- Not conduct social engineering, phishing, or physical intrusion attempts
Testing must be limited to what is necessary to confirm the existence of a vulnerability.
5. Confidentiality and Coordinated Disclosure
To protect users and systems, we request that you:
- Do not publicly disclose the vulnerability until it has been resolved or until a mutually agreed disclosure timeline has been established
TransactBridge will work with researchers to coordinate responsible disclosure where appropriate.
6. Our Commitment
Upon receiving a valid report, TransactBridge aims to:
- Acknowledge receipt within a reasonable timeframe
- Investigate and validate the reported issue
- Take appropriate remediation actions
- Maintain communication with the reporting party where possible
Resolution timelines may vary depending on the complexity and severity of the vulnerability.
7. Safe Harbor
TransactBridge will not pursue legal action against individuals who:
- Identify vulnerabilities in good faith
- Comply with this Policy
- Do not exploit vulnerabilities beyond what is necessary for reporting
This safe harbor applies only to activities conducted in accordance with this Policy.
8. Limitations
This Policy does not:
- Grant authorization to access systems beyond what is permitted
- Provide compensation or bug bounty rewards unless explicitly stated
- Override any applicable laws or regulations
9. Policy Updates
TransactBridge may update this Responsible Disclosure Policy from time to time to reflect changes in security practices or operational requirements.
The latest version will be published on the TransactBridge website with an updated “Last Updated” date.
10. Contact
For vulnerability reports or security-related inquiries, please contact: