Found a security bug?
Write to security@sanpha.ma. We acknowledge within one working day and credit you publicly once a fix is shipped, if you'd like.
- Initial acknowledgement within one working day.
- Triage and severity within five working days.
- Please do not test on accounts you do not own. No phishing, social-engineering or DoS.
- Bounties — yes, on a case-by-case basis for valid findings.
