A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Relay Financial - Security Team
# Last update: 2023-11-17

# Our security address
Contact: mailto:security@relayfi.com

# Our OpenPGP key
Encryption: https://relayfi.com/.well-known/relay-security.txt

# Our Privacy policy:
Policy: https://relayfi.com/privacy

# Location of this page
Canonical: https://relayfi.com/.well-known/security.txt

# Bug Bounty Program
 - We have a bug bounty program through hackerone.com
 - Bounty up to 3000$ ; At Relay Financial security team discretion
 - Please reach out to security+bbp@relayfi.com to be invited, our program is private and on invitation only.
 - We pay for vulnerability we don't know about, and for potential impact
 - Bounty is forfeited if there are any impacts to real-data and/or systems stability

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEdDpEdO0llw8nTXVT0HEqE7CJtXEFAmVXqoEACgkQ0HEqE7CJ
tXFDBg//dFZJqRYwXcMskNJOBaZYUCijCO6o3XiiVsXSX/PzxLa+X6a4gH+K46CD
eNnA9K0tfVdbKW/8rFWw1CaKNmnZyLmQRqd0dIlRYQppDncxGCFcSGVUu1+BKamL
UBFvrbr/gZzmn07sprKu9ezdLIPnuflSM6eqZGYC6NTF9+HWhsfrdyyxyhw8/lOE
+hwqXgrJGjm4KtPUfAS0kleDzA3h01Yaktkwy60tvHnUsyOREJTG8CrzZyg+/yno
sCIJGhOlTIYRSomxXgamgNYSsUpWnac6CNkHt+Qh8RjYhcM3nLscv75YCvMO+Uk7
KGQa0ZlEtpI7Qw4UeMfMXCQjZzMicKftVhr30qSDaf48QzI222LBTvZQ/f/aS1rh
mvaFpkx0SAjtgXec3wsZPDj7xCp3HYdiUPqww9lwSqKd3XMPl2RILr0DEdR1Jkh3
gjFAfwteEkhauW1hQkcweQJwqmEdJ3THtK88gBbTu89NgBrmXSsvY8qXKZ+3lNAT
+ALpY0jnYF2wxaU86niokoyRsC0u8gwXw+Bp4bG6PQkyfk0W0B3F7sIm4oyBK2DF
8c7WInwaR2eOHa63IK2VlQ5tdWBqTRLBX6XugW2i/GvPqK86PRP/blaxyXREkwRg
67yOrPUNQ/HvDVOZhCDhazxV5OTURXjxnatKXInqF1QrS/J7q9A=
=ea/W
-----END PGP SIGNATURE-----