Blivap takes the security of our platform and the privacy of our users seriously. We welcome reports from security researchers and the public to help us identify and fix vulnerabilities.
We support coordinated vulnerability disclosure. If you discover a security issue in our systems, website, or applications, we ask that you report it to us in a responsible way so we can address it before it is made public. We will work with you to understand and resolve the issue and, where appropriate, acknowledge your contribution.
Please send your report to security@blivap.com. Include a clear description of the vulnerability, steps to reproduce, and any proof-of-concept or screenshots if available. We ask that you do not publicly disclose the issue until we have had a reasonable time to fix it and that you do not access, alter, or delete data that is not your own.
We will acknowledge your report as soon as possible and keep you updated on our progress. We aim to assess and triage reports promptly and to fix valid vulnerabilities in a timely manner. We do not pursue legal action against researchers who report in good faith and follow this policy. We may recognise significant contributions in our security acknowledgements, with your permission.
Social engineering, physical attacks, denial-of-service attacks, and issues that require physical access to a user's device are generally out of scope. We also do not accept reports for third-party services we do not control. If in doubt, contact us before testing.
For security-related reports only, use security@blivap.com. For general enquiries, please use our Contact page.
Blivap