Security Policy

Last updated: June 11, 2026

1) Security program

My Money Hub applies reasonable technical and organizational controls to protect information confidentiality, integrity, and availability, including financial data, assets, financial health evaluations, and weekly mentor content.

2) Data protection

• Use of encryption in transit where applicable.
• Access controls with least-privilege principle.
• Protection of sensitive user-entered information such as transactions, budgets, goals, properties, and assets.
• Error and incident monitoring for early response.

3) Export, import, and device security

Export and import features may create files containing personal financial information. You should store them securely, avoid sharing them over unprotected channels, and keep your operating system and device lock up to date.

4) Responsible vulnerability reporting

If you identify a vulnerability, report it responsibly so we can investigate and remediate it.

• Security email: security@viglascode.com
• Include reproduction steps, impact, and evidence.
• Do not publicly disclose before coordinating remediation with our team.

5) Scope and exclusions

This includes vulnerabilities affecting assets controlled by Viglascode related to My Money Hub. It excludes social engineering tests, denial-of-service attacks, spam, or testing that may impact user availability.

6) Incident response

We acknowledge valid reports within a reasonable timeframe and share updates during investigation. Remediation is prioritized by severity and impact.

7) Safe harbor and compliance

We will not pursue legal action against researchers acting in good faith, within defined scope, and without harming users. This policy does not establish a paid bug bounty unless explicitly announced.