Security & Responsible Disclosure — JabalPay
Effective date: March 4, 2026
Last updated: March 4, 2026
JabalPay Inc. (“JabalPay,” “we,” “us”) takes security seriously. This page explains how to report security issues and our expectations for responsible disclosure.
Contact (all security reports and inquiries): [email protected]
1) Reporting a security issue
If you believe you’ve found a security vulnerability or suspect a security incident involving JabalPay, email [email protected] with:
-
a clear description of the issue,
-
steps to reproduce (if applicable),
-
affected URLs, endpoints, or screens,
-
any proof-of-concept details (keep it minimal and safe), and
-
your contact information for follow-up.
Please use the email subject line: “Security Report — Responsible Disclosure”.
2) What we ask from you (responsible disclosure)
To protect users and the ecosystem, you agree that you will:
-
not access, modify, delete, or exfiltrate data that does not belong to you,
-
not disrupt our Services (no denial-of-service, spam, or destructive testing),
-
not attempt social engineering against our team or users,
-
not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate, and
-
provide enough detail for us to reproduce and fix the issue.
If you unintentionally access sensitive information, stop immediately and notify us at [email protected].
3) What we consider “out of scope”
The following are generally out of scope for responsible disclosure (unless you have explicit written permission):
-
physical attacks or theft,
-
social engineering or phishing of employees/users,
-
denial-of-service (DoS/DDoS) testing,
-
automated scanning that degrades service performance,
-
vulnerabilities in third-party services we do not control (please report those directly to the third party), and
-
reports based only on “best practices” without a clear security impact.
4) Our response process
When you report an issue, we typically will:
-
acknowledge receipt,
-
assess severity and impact,
-
work to remediate as appropriate, and
-
follow up with you if we need additional detail.
We may not be able to share full details of our investigation or remediation for security reasons.
5) No bug bounty (for now)
JabalPay does not currently operate a public bug bounty program. We may still choose, at our discretion, to recognize helpful reports.
6) Legal safe harbor (good-faith research)
We support good-faith security research conducted in line with this policy. We will not pursue legal action for activities that:
-
are conducted in good faith,
-
avoid privacy violations and service disruption, and
-
are reported promptly to [email protected].
This does not limit our ability to take action in response to malicious activity or conduct that violates applicable law.
7) Updates
We may update this policy from time to time. If we do, we will update the “Last updated” date and publish the revised version on our website.
Contact
To report a vulnerability or security concern, email [email protected].
Contact / Legal Notices — JabalPay
Effective date: March 4, 2026
Last updated: March 4, 2026
This page provides official contact information and legal notices for JabalPay Inc. (“JabalPay,” “we,” “us”) in connection with jabalpay.com and our services (the “Services”).
1) Company details
Legal entity: JabalPay Inc.
Registered address: 18 King Street East, Suite 1400, Toronto, Ontario M5C 1C4, Canada
MSB Registration Number: N300000035
2) Contact
For all inquiries (including support, complaints, privacy requests, and compliance questions):
Email: [email protected]
3) Legal notices and service communications
You agree that we may provide notices and communications electronically (including by email and by posting updates on our website). Please ensure you maintain access to the email address linked to your account.
4) No legal, tax, or financial advice
Information on our website is provided for general informational purposes only and does not constitute legal, tax, financial, or investment advice. You should obtain independent professional advice for your specific situation.
5) Trademark and copyright
All trademarks, logos, and service marks displayed on the Site are the property of JabalPay or their respective owners. All content on the Site is protected by applicable intellectual property laws.
You may not copy, reproduce, distribute, publish, display, modify, create derivative works from, or exploit any content from the Site without our prior written permission, except as permitted by law.
6) Third-party links
Our Site may include links to third-party websites or services. JabalPay is not responsible for third-party content, policies, or practices. Your use of third-party sites is at your own risk.
7) Updates
We may update this page from time to time. If we do, we will update the “Last updated” date and publish the revised version on our website.
