Security & Responsible Disclosure Policy of Wawp. Data safety and service integrity are our absolute priorities. We highly value the contributions of security researchers and white-hat testers in helping protect our digital ecosystem.
1. Our Commitment to Cybersecurity
Wawp utilizes high-tier encryption protocols (HTTPS) and advanced database firewalls to protect webhook channels, API requests, and user details. Continuous automated scanning and vulnerability checks are run to defend our cloud network.
2. Responsible Disclosure Guidelines
If you identify a bug or security vulnerability in our endpoints, dashboard, or database architecture, we kindly ask you to cooperate under these guidelines:
- Private Submission: Send the details directly and confidentially to security@wawp.net.
- Data Minimization: Do not exploit the bug to view, extract, or delete other users’ transactional database logs.
- No Public Disclosure: Avoid publishing details online or on social platforms until Wawp has remediated the concern.
3. Safe Harbor
Wawp pledges not to pursue legal actions or alert authorities against testers who act in good faith, respect user privacy, and fully comply with this Responsible Disclosure Policy.
4. Response & Remediation SLA
Upon submitting a valid security report, Wawp commits to:
- Acknowledging receipt and providing an initial review within 48 hours.
- Determining an appropriate remediation timeline based on severity and keeping you updated on the fix.
- Offering official gratitude to researchers whose verified reports help reinforce Wawp safety.
5. Strictly Prohibited Testing Actions
The following actions are strictly prohibited and will void Safe Harbor protection:
- Executing Distributed Denial of Service (DDoS) attacks.
- Performing brute force or automated password spraying against customer portals.
- Attempting social engineering, phishing, or physical attacks on Wawp infrastructure and personnel.