1. How to Report
Send vulnerability reports to compliance@satsrail.com with the subject line "Security Vulnerability Report".
Please include:
- A description of the vulnerability and its potential impact
- Steps to reproduce the issue
- Any proof-of-concept code or screenshots
- Your contact information for follow-up
2. Our Commitment
- We will acknowledge receipt of your report within 3 business days
- We will provide an initial assessment within 10 business days
- We will work to resolve confirmed vulnerabilities promptly
- We will notify you when the vulnerability has been addressed
- We will not pursue legal action against researchers who report vulnerabilities in good faith and follow this policy
3. Scope
This policy covers:
- The SatsRail merchant portal (satsrail.com)
- The SatsRail API (satsrail.com/api/)
- The SatsRail marketing website (www.satsrail.com)
- SatsRail open-source SDKs and tools
Out of Scope
- Third-party services (Stripe, hosting providers, CDNs)
- PrivaPaid deployments operated by independent operators
- Social engineering attacks against SatsRail employees
- Denial of service attacks
- Issues in third-party dependencies that do not affect SatsRail
4. Guidelines
When researching vulnerabilities, please:
- Do not access, modify, or delete data belonging to other users
- Do not disrupt or degrade the service for other users
- Do not publicly disclose the vulnerability before we have addressed it
- Act in good faith to avoid privacy violations and data destruction