Paystack's Vulnerability Disclosure Policy

Security is at the heart of everything we do at Paystack. If you discover a vulnerability, kindly report it to us.

At Paystack, the security of our systems is extremely important to us, and our Security team promptly investigates, and fixes confirmed security bugs and vulnerabilities.

If you believe you’ve discovered a bug, kindly get in in touch with the Paystack Security team at "[email protected]." We will promptly respond to your report, and we request that you not publicly disclose the issue until it's been addressed by Paystack.

We understand the hard work that goes into security research, and we appreciate the confidential disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our users’ data (such as by bypassing our login process, injecting code into another user’s session, or instigating action on another user’s behalf).

Currently, however, we don’t offer any monetary compensation or rewards for vulnerabilities reported to us.

Additionally, kindly note the following:

∙ We don’t condone denial of service, spam, or vulnerabilities exposed as a result of social engineering.
∙ Paystack and all services offered by Paystack are in scope of this document, but vulnerabilities in third-party applications that use Paystack aren’t.
∙ Kindly ensure that your testing doesn’t violate any laws.

Thank you!