Security Policy

Last Updated: July 17, 2025

At Digiwava, we take the security of our platform and our users' data seriously. This security policy outlines how to report security vulnerabilities and our commitment to addressing them.

Reporting Security Vulnerabilities

We appreciate the security community's efforts in helping keep Digiwava and our users safe. If you believe you've found a security vulnerability in our platform, please report it to us responsibly.

How to Report

Email: [email protected]

Please include the following information in your report:

  • Type of vulnerability
  • Steps to reproduce the issue
  • Potential impact
  • Any proof-of-concept code
  • Your recommendations for fixing the issue

What to Expect

  • Initial Response: We commit to acknowledging your report within 24 hours
  • Triage: We'll assess the severity and validity of the report within 72 hours
  • Updates: We'll keep you informed about our progress
  • Resolution: We aim to resolve issues based on severity:
    • Critical: 7 days
    • High: 14 days
    • Medium: 30 days
    • Low: 90 days

Responsible Disclosure

We kindly ask security researchers to:

  • Allow us reasonable time to investigate and fix vulnerabilities before public disclosure
  • Make a good faith effort to avoid privacy violations, data destruction, and service disruption
  • Not access or modify user data beyond what's necessary to demonstrate the vulnerability
  • Not perform actions that could harm our users or our infrastructure

Testing Guidelines

In Scope

  • The main Digiwava platform (digiwava.com)
  • Authentication and authorization mechanisms
  • Payment processing security
  • Data validation and sanitization
  • Session management

Out of Scope

  • Third-party services and platforms we integrate with
  • Social engineering attacks
  • Physical attacks on our infrastructure
  • Attacks requiring physical access to user devices

Prohibited Activities

  • Denial of Service (DoS) attacks
  • Brute force attacks
  • Automated scanning that disrupts service
  • Accessing or modifying other users' data
  • Any illegal activities

Our Security Practices

We implement multiple security measures to protect our platform and users:

Infrastructure Security

  • All data transmitted over HTTPS with modern TLS protocols
  • Regular security updates and patches
  • Secure cloud infrastructure with access controls

Application Security

  • Content Security Policy (CSP) to prevent XSS attacks
  • Input validation and output encoding
  • Secure session management
  • Protection against common vulnerabilities (OWASP Top 10)
  • Automated vulnerability scanning of dependencies
  • Regular security updates for dependencies

Data Protection

  • Encryption of sensitive data at rest and in transit
  • Regular security audits
  • Minimal data collection principle
  • Secure password storage using industry-standard hashing

User Content Security

  • Automated malware scanning of all uploaded files
  • Virus detection on user-submitted content
  • Quarantine and removal of malicious files

Payment Security

  • PCI-compliant payment processing through Stripe
  • No storage of credit card information on our servers
  • Secure tokenization for payment methods

Recognition

As Digiwava is a new platform, we don't currently have a formal bug bounty or rewards program. However, we value the contributions of security researchers and will consider:

  • Public acknowledgment of researchers who report valid vulnerabilities (with permission)
  • Future implementation of a recognition program as our platform grows
  • Retroactive recognition for significant contributions

We will not pursue legal action against security researchers who:

  • Engage in good faith security research
  • Follow the guidelines outlined in this policy
  • Report vulnerabilities through our designated channels
  • Allow us time to address issues before disclosure

This safe harbor provision applies only to security research activities that comply with this policy. It does not extend to any illegal activities or actions that would violate applicable laws or regulations.

Updates to This Policy

We may update this security policy from time to time. We encourage security researchers to check this page periodically for any changes.

Contact

For security-related inquiries: [email protected]

For general support: [email protected]


Thank you for helping keep Digiwava secure!