Security is a top priority at Paywaz.
If you believe you’ve discovered a vulnerability that could affect Paywaz systems, SDKs, APIs, or documentation, please follow this policy.
This security policy applies to:
paywaz-public-apipaywaz-sdk-jspaywaz-docspaywaz-samplespaywaz-license- Any official Paywaz open-source project or SDK
Do NOT open a public GitHub issue.
Please email:
Include:
- Description of the issue
- Affected repo(s)
- Proof-of-concept if available
- Steps to reproduce
- Recommended mitigations (optional)
We aim to acknowledge vulnerability reports within 48 hours, and provide a remediation plan within 5 working days.
We request:
- No public disclosure until our fix is released
- No exploitation of the vulnerability
- No disruption to Paywaz services or network
We appreciate responsible researchers and will credit them (optional) after resolution.
Maintainers will:
- Prioritize critical vulnerabilities
- Patch supported versions
- Publish release notes for security fixes
- Update documentation as needed
We deeply appreciate all responsible security researchers and contributors who help keep the Paywaz ecosystem safe and trustworthy.