Security

We take the security of our systems seriously. If you believe you have found a vulnerability in any Mawiloa system, please report it responsibly.

Report a vulnerability

Email: security@mawiloa.com
PGP key: Download public key
Policy: security.txt

Scope

Reports should cover the Mawiloa web application, API endpoints, and client portal. Social engineering, denial-of-service, and issues in third-party services (Stripe, Supabase) should be reported to those vendors directly.

Response timeline

We aim to acknowledge reports within 2 business days and provide a status update within 10 business days.