Big news Bottlepay is now part of the NYDIG family
Learn more
personal business
Coming soon

Title

Introduction

At Bottlepay, we consider the security of our systems a top priority. We do realise that no matter how much effort we put into system security, there can still be vulnerabilities present.

We value those who take the time and effort to report security vulnerabilities according to this policy. However, we do not usually offer monetary rewards for vulnerability disclosures.

If you discover a vulnerability, we would like to know about it so we can take steps to resolve the issue as quickly as possible.

Reporting

If you believe you have found a security vulnerability, please email your findings to [email protected] We do have a PGP key you can use to encrypt your findings. You can find our PGP key https://bottlepay.com/legals/pgp-key.txt.

In your report please include details of:

  • Where the vulnerability occurs, for example the URL, IP, or version of the app.

  • A brief description of the vulnerability.

  • Steps to help us reproduce the vulnerability. This should be a non destructive proof of concept.

  • A CVSS calculation for the vulnerability.

Guidance

We will not initiate any legal action against you provided that you:

  • Only test against your own account. Do not interact with any account that you do not own.

  • Do not access or attempt to access data that does not belong to you.

  • Do not exploit a security issue that you discover for any reason.

  • Do not perform actions that may negatively impact Bottlepay or our users, for example (but not limited to): denial of service, sending any malicious software and/or files, testing third party applications that we have integrations with or that integrate with us.

  • Do not reveal the problem to others until it has been resolved.

  • Do not use attacks on physical security, social engineering or spam.

What you can expect from us

  • We will confirm receipt of your report within 5 business days.

  • If you have followed the instructions above, we will not take any legal action against you in regard to the report.

  • We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission.

  • We will keep you informed of the progress towards resolving the problem.

  • In the public information concerning the problem reported, we will give your handle/name as the discoverer of the problem (unless you desire otherwise).

  • We strive to resolve all problems as quickly as possible.

Acknowledgement

We currently do not maintain a public wall of thanks for reported issues and security researchers.

Policy

This policy and the most current version is hosted at https://bottlepay.com/legals/disclosure-policy/.

Still have questions?

Check our help page or contact support via the app.

Blog

Blogs can be boring, but not this one. Get your Bottlepay content fix here - from crypto chat to new features to get excited about, and everything in between.

Read the articles

Company

Customers

Legals

Bottlepay Ltd has been temporarily registered under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 as a cryptoasset business until 31 March 2022, pending the determination of our application by the Financial Conduct Authority. Whilst your funds are held securely, they are not protected by the Financial Services Compensation Scheme and are not within the scope of the jurisdiction of the Financial Ombudsman Service

© 2021 Bottlepay Ltd. All rights reserved.