Back to Home
DRAFT — review required
This page was generated by
pnpm generate:legal. Have qualified counsel review before removing this banner.Responsible Disclosure
Effective: June 12, 2026
1. Scope
We welcome coordinated disclosure from security researchers for vulnerabilities in the Service hosted at faststaq.com.
In scope:
- Production web application and API.
- Official client libraries and SDKs.
- Authentication, authorization, and billing flows.
Out of scope:
- Third-party subprocessor systems (report to the vendor directly).
- Denial-of-service, social engineering, or physical attacks.
- Findings that require an already-compromised device or account.
2. Reporting
Email reports to security@faststaq.com with:
- A clear proof-of-concept.
- Steps to reproduce.
- Potential impact.
- Suggested remediation (optional).
For sensitive reports, request our PGP key in the first message.
3. Safe harbor
We will not pursue civil or criminal action against researchers who:
- Act in good faith and in accordance with this policy.
- Avoid privacy violations, data destruction, and Service disruption.
- Give us reasonable time to remediate before public disclosure (typically 90 days).
4. Rewards
We currently operate a recognition-only program: we publicly credit reporters (with consent) on our security page. A monetary bounty program may be introduced in future.
5. Contact
FastStaq · Security team · security@faststaq.com