Security Policy

1. Security Practices

• TLS encryption for data in transit.
• Access-controlled infrastructure and admin operations.
• Authentication, ownership checks, and policy enforcement for protected routes and APIs.
• Audit logging for privileged operational actions.
• Payment processing through Stripe so Beeprd does not store full card numbers.

2. User Responsibilities

Keep credentials secure, use accurate account information, avoid sharing sessions, and notify Beeprd promptly if you suspect unauthorized account access.

3. Responsible Disclosure

If you discover a vulnerability, email security@beeprd.com. Do not access, modify, destroy, or exfiltrate data; do not disrupt service; and do not publicly disclose the issue before Beeprd has had a reasonable opportunity to investigate.

4. No Bug Bounty Promise

Beeprd does not currently operate a paid bug bounty program. We appreciate responsible reports but do not guarantee compensation unless separately agreed in writing.

5. Incident Response

Beeprd investigates security reports, prioritizes remediation based on severity, and may notify affected users or regulators when required by law.