If you discover a security vulnerability in Paybound, please report it responsibly.
Email: [email protected]
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation plan within 7 days for critical issues.
This policy covers the Paybound open-source core:
- Policy engine
- Transaction ledger
- Proxy facilitator
- Client SDK
The following are out of scope for this policy:
- Third-party facilitators (e.g., Coinbase CDP) — report to their respective security teams
- Issues in dependencies — report upstream
We follow coordinated disclosure. Please do not publicly disclose vulnerabilities until we have had a chance to address them.