1. Responsible Disclosure
We welcome responsible security reports that identify vulnerabilities in authentication, authorization, payment workflow, messaging, API boundaries, or marketplace trust systems.
Report to security@glocalxperts.com. For encrypted submissions, use our public key at /pgp_public_key.asc.
PGP fingerprint: 8F73 9A10 4D2F 8A55 2CE9 5C10 4B2A 9D44 E7F1 1C2B
2. Scope
In-scope areas include account security, identity verification workflows, fraud controls, payment safety, payment workflow integrity, and platform API protections.
This platform is not a financial institution or escrow provider.
3. Out of Scope
Social engineering, denial-of-service testing, and privacy-invasive testing without permission are out of scope.
4. Response Commitment
We acknowledge valid reports within 3 business days and provide progress updates until remediation or risk acceptance is completed.
5. Safe Harbor
Good-faith testing that follows this policy and avoids service disruption or data abuse will be treated as authorized research activity.