Legal › Responsible Disclosure Policy

Responsible Disclosure Policy

Version 1.0Effective 13 July 2026Sabiki Pte. Ltd. · UEN 202135394K · Singapore

We are a security company. If you find a hole in our product or our site, we want to hear about it, and we will treat you well for telling us.

Report a vulnerability

security@sabikisecurity.com

Tell us what you found, how to reproduce it, and what you think the impact is. Include your name if you would like credit. That is all we need.

What we promise you

Our commitment
AcknowledgementWithin 2 business days we will confirm we have your report and that a human is reading it.
TriageWithin 5 business days we will tell you whether we have reproduced it, how we have rated it, and what we intend to do.
FixWe will keep you updated while we fix it, and we will tell you when it is done.
CreditIf you want it, we will credit you publicly when the fix ships. If you would rather stay anonymous, that is fine too.
Safe harbourIf you act in good faith and within this policy, we will not pursue legal action against you, and we will say so to anyone who asks.

What we ask of you

In scope

Out of scope

These are things we already know about, or that are not ours to fix. Reporting them will not earn a response.

Bounties

We do not currently run a paid bounty programme. We will say so plainly rather than imply one and then decline to pay. What we offer is a fast, honest response, public credit if you want it, and safe harbour. If we start paying, this page will say so.

Encryption

If you would rather encrypt your report, email security@sabikisecurity.com and ask for our public key. We will send it.

← All legal documents