Security Policy

Last updated: May 1, 2026

1) Security program

My Money Hub applies reasonable technical and organizational controls to protect information confidentiality, integrity, and availability.

2) Data protection

• Use of encryption in transit where applicable.
• Access controls with least-privilege principle.
• Error and incident monitoring for early response.

3) Responsible vulnerability reporting

If you identify a vulnerability, report it responsibly so we can investigate and remediate it.

• Security email: security@viglascode.com
• Include reproduction steps, impact, and evidence.
• Do not publicly disclose before coordinating remediation with our team.

4) Scope and exclusions

This includes vulnerabilities affecting assets controlled by Viglascode related to My Money Hub. It excludes social engineering tests, denial-of-service attacks, spam, or testing that may impact user availability.

5) Incident response

We acknowledge valid reports within a reasonable timeframe and share updates during investigation. Remediation is prioritized by severity and impact.

6) Safe harbor and compliance

We will not pursue legal action against researchers acting in good faith, within defined scope, and without harming users. This policy does not establish a paid bug bounty unless explicitly announced.