Public Legal Document

Security & Responsible Disclosure

How to report vulnerabilities and what testing behavior is authorized.

Security & Responsible Disclosure Policy — Saudi Tradex

Effective date: May 18, 2026

1. Reporting security issues

If you believe you have found a security vulnerability, report it to:

Security email: [email protected]

Please include:

  • affected URL or feature;
  • clear description;
  • steps to reproduce;
  • impact;
  • screenshots or logs without sensitive personal data;
  • your contact information.

2. Authorized behavior

Good-faith reports are welcome. You must:

  • avoid accessing, modifying, deleting, or exfiltrating data;
  • avoid denial-of-service testing;
  • avoid social engineering;
  • avoid spam or destructive testing;
  • stop testing if you access non-public data;
  • report promptly and confidentially.

3. Prohibited testing

Do not:

  • attack production availability;
  • brute force accounts;
  • access user data;
  • upload malware;
  • attempt privilege escalation beyond proof-of-concept;
  • publicly disclose before we investigate.

4. Response

Saudi Tradex will make reasonable efforts to:

  • acknowledge receipt;
  • assess severity;
  • remediate where appropriate;
  • communicate status;
  • credit reporters if agreed.

5. security.txt

Saudi Tradex publishes `/.well-known/security.txt`:

Contact: mailto:[email protected]
Preferred-Languages: en, ar
Policy: https://sauditradex.com/legal/security-responsible-disclosure
Expires: 2027-05-18T00:00:00Z

6. No bounty promise

Unless a written bounty program exists, reports do not create a right to payment.

7. Emergency

For active abuse or account compromise: [email protected] or [email protected]
