Security Policy
Information about our security measures and how to report potential vulnerabilities.
Last Updated: July 6, 2025
At Fips, the security of our users' data and our platform is our highest priority. We are continuously working to improve our security infrastructure and value the contributions of the security researcher community.
1. Our Commitment
- Secure Design: We design our applications and infrastructure following best security practices (TLS 1.3, Content-Security-Policy, HSTS, etc.).
- Data Protection: We take strong measures, such as encryption at rest and in transit, to protect user data, especially sensitive trading data.
- Responsible Disclosure: We are committed to collaborating with researchers who report security vulnerabilities responsibly and to resolving findings in a timely manner.
2. Vulnerability Disclosure Program
If you believe you have found a security vulnerability, we ask that you report it to us responsibly.
- How to Report: Please send your findings, including a detailed description of the vulnerability and, if possible, steps to reproduce it (PoC), via email to [email protected].
- Scope: This policy covers the fipsapp.com domain, its subdomains, and the official Fips Trading Assistant mobile applications.
- Out of Scope: Please refrain from the following actions:
  - Denial of Service (DoS or DDoS) attacks.
  - Spam or social engineering (phishing) tactics.
  - Attacks against our physical infrastructure.
  - Attempting to access or modify other users' data.
3. Our Commitment (Safe Harbor)
We pledge not to initiate legal action against security researchers who act in good faith and in accordance with this policy. After receiving your report:
- We will send you a confirmation as soon as possible.
- We will collaborate with you to verify your findings and set a timeline for a solution.
- We will inform you when the issue is resolved.
We thank you in advance for your contribution to our security.