Responsible Vulnerability Disclosure Policy

At P-Credit Kenya Limited, the security of our systems and the protection of customer data is a top priority. We are committed to maintaining a safe and secure environment for all users. If you have discovered a security vulnerability in our systems, we appreciate your help in responsibly disclosing it to us.

Reporting a Vulnerability

If you believe you have found a vulnerability, please email us at security@pcredit.co.ke with the following information:

• A detailed description of the vulnerability
• Steps to reproduce the issue
• Your contact information (optional, for follow-up)

What We Ask of You

• Do not exploit the vulnerability or access data that is not yours
• Do not share the vulnerability publicly or with others before it is resolved
• Give us a reasonable amount of time to investigate and address the issue

What You Can Expect From Us

• We will acknowledge your report within a reasonable time
• We will investigate and fix the issue as quickly as possible
• We will keep you informed of our progress
• We may offer public recognition or appreciation if appropriate

Scope

This policy applies to any digital asset owned or operated by P-Credit Kenya Limited. Reports regarding third-party services or platforms we use should be directed to those respective vendors.

Legal Safe Harbor

If you act in good faith, in accordance with this policy, we will not pursue legal action against you. This does not give you permission to access, modify, or destroy any data that is not your own.

Thank you for helping us keep P-Credit secure and trustworthy for all our customers.