đź”’ Responsible Disclosure
Report a Security Issue
Help us keep eWallet secure. If you've discovered a security vulnerability, please report it responsibly using this form.
Responsible Disclosure Guidelines
Do
- Report vulnerabilities as soon as you discover them
- Provide detailed information to help us reproduce the issue
- Give us reasonable time to fix the issue before public disclosure
- Use this official channel for reporting
- Act in good faith to avoid privacy violations and service disruptions
Don't
- Access or modify user data without permission
- Perform actions that could harm our users or services
- Publicly disclose the vulnerability before we've had time to address it
- Execute denial of service attacks or spam attacks
- Use social engineering or phishing against our employees
Submit Security Report
All submissions are treated confidentially and reviewed by our security team.
Bug Bounty Program
We reward security researchers for responsibly disclosed vulnerabilities. Rewards range from $100 to $10,000 depending on severity and impact.
Learn More →Alternative Contact
Prefer email? You can also report security issues directly to our security team.
security@ewallet.appPGP Public Key for encrypted communications
Response Timeline
We take security seriously and aim to respond to all reports within 24-48 hours. Critical issues receive immediate attention.
Security Policy →Scope & Exclusions
âś“ In Scope
- Web application (*.ewallet.app)
- Mobile applications (iOS and Android)
- API endpoints (api.ewallet.app)
- Payment processing systems
- Authentication and authorization
- Data storage and transmission
âś— Out of Scope
- Social engineering attacks on staff
- Physical security of our offices
- Denial of service attacks
- Spam or social engineering of users
- Issues in third-party services we don't control
- Recently reported and known issues